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VOLUME  VI 
IN  THE  UNITED  STATES  ARMY 

UNITED  STATES 
VS. 

MANNING,  Bradley  E.,  PFC  COURT-MARTIAL 
U.S.  Army,   xxx— xx— 9504 

Headquarters  and  Headquarters  Company, 

U.S.  Army  Garrison, 

Joint  Base  Myer— Henderson  Hall, 

Fort  Myer,   VA  22211 

 / 

The  Hearing  in  the  above— titled  matter 
was  continued  on  Wednesday,   June  12,   2013,   at  1:30 
p.m.,    at  Fort  Meade,   Maryland,   before  the  Honorable 
Colonel  Denise  Lind,    Judge . 
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DISCLAIMER 

This  transcript  was  made  by  a  court 
reporter  who  is  not  the  official  Government 
reporter,   was  not  permitted  to  be  in  the  actual 
courtroom  where  the  proceedings  took  place,   but  in  a 
media  room  listening  to  and  watching  live 
audio/video  feed,   not  permitted  to  make  an  audio 
backup  recording  for  editing  purposes,    and  not 
having  the  ability  to  control  the  proceedings  in 
order  to  produce  an  accurate  verbatim  transcript . 

This  unedited,   uncertified  draft 
transcript  may  contain  court  reporting  outlines  that 
are  not  translated,   notes  made  by  the  reporter  for 
editing  purposes,  misspelled  terms  and  names,  word 
combinations  that  do  not  make  sense,   and  missing 
testimony  or  colloquy  due  to  being  inaudible  by  the 
reporter . 
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PROCEEDINGS, 

THE  COURT:     Court  is  called  to  order.  Let 
the  record  reflect  all  parties  present  when  the  court 
last  recessed  are  again  present  in  court .     Court  is 
called  to  order. 

Are  there  any  issues  we  need  to  address? 

MR.   FEIN:     No,  ma'am. 

THE  COURT:     Call  your  next  witness. 

MR.   COOMBS:     No,  ma'am. 

MR.   FEIN:     Ma'am,   the  United  States  offers 
two  stipulations,   Prosecution  Exhibit  117  and 
Prosecution  Exhibit  119. 

Your  Honor,    first  Prosecution  Exhibit  117 
Chief  Warrant  Officer  Jon  LaRue . 

(Whereupon,   Prosecution  Exhibit  117, 
stipulated  testimony  of  Chief  Warrant  Officer  Jon 
LaRue,   was  read  into  the  record.) 

MR.   FEIN:     Your  Honor,   the  stipulated 
testimony  of  Jacqueline  Scott  dated  June  10,  2013. 

(Whereupon,   Prosecution  Exhibit  119, 
stipulated  testimony  of  Jacqueline  Scott,   was  read  into 
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the  record.) 

MR.   MORROW:     United  States  recalls  Special 
Agent  David  Shaver. 
Whereupon, 

SPECIAL  AGENT  DAVID  SHAVER, 
called  as  a  witness,   having  been  previously  duly 
sworn  to  tell  the  truth,   the  whole  truth,  and 
nothing  but  the  truth,   was  examined  and  testified  as 
follows : 

CONTINUED  DIRECT  EXAMINATION: 
Q  Agent  Shaver,   you  are  still  under  oath. 

A  Yes,  sir. 

Q  Agent  Shaver,   what  is  a  SAM  or  SAM  file? 

A  Sir,   that  is  a  systematic,  systematic 

assist  manager.     What  that  is,   part  of  the  Microsoft 
security.      It  is  a  file  within  XP  operating  system.  It 
contains  both  the  user  names  and  part  of  the  encrypted 
password. 

Q  Now,   what  do  you  mean  by  part  of  the 

encrypted  password? 

A  Sir,    I'll  explain  it.      I'll  explain  how. 
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Q  Okay.     Take  your  time. 

A  Encrypted  works .     When  you  log  into  a 

computer  you  type  your  password  in.     It's  plain  text. 
You  can  see  it . 

Well,   what  the  computer  does  is  it  takes 
that  plain  text  password  and  passes  it  through  a 
mathematical  algorithm  and  creates  a  hash  value .  This 
is  a  first  step  of  a  security  feature.  Storing 
passwords  in  plain  text  is  not  very  smart .     Bad  people 
can  get  them  very  easily.     It  as  hash  value  and  breaks 
it  up  into  two  parts,   part  goes  to  the  SAM  file  and 
part  of  it  goes  to  the  system  file . 

This  is  another  security  feature  to  have 
the  password,   the  hash  and  password  broken  up  into  two 
pieces  and  finally  when  the  computer  is  running  the 
system  files,   the  SAM  and  system  files  are  locked, 
whereas  a  normal  user  cannot  access  them. 

Q  Now,   what  users  of  a  computer  could  access 

the  system  file  and  SAM  file? 

A  You  would  have  to  have  administrative  level 

privileges . 
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Q  If  you  don't  have  administrative  level 

privileges  what  is  another  way  you  can  view  the  SAM  or 
system  file? 

A  You  could  recruit  the  boot  and  use  Linux 

operating  system  which  is  a  configure  to  run  off  of  the 
CD.     So  it  doesn't  actually  install,    it  runs  from  it. 
Then  you  can  navigate  to  the  SAM  or  system  file  and 
view  the  contents . 

Q  Let's  back  up.     What  do  you  mean  by,  so 

what  is  Linux  first? 

A  Sir,   that's  just  another  operating  system. 

Q  And  what  do  you  mean  by  booting  the 

computer  from  a  CD? 

A  Well,   you  first  off,   you  need  to  download 

from  the  internet  a  Linux  distribution.  You  would  burn 
it  from  an  ISO  file  which  you  download  and  burn  it  to  a 
CD. 

Then  you  would  basically,   when  the  computer 
boots  up,   you  would  see  like  the  Dell  screen,  for 
example,    it  may  say  something  press  F9  to  boot  from  CD. 
Q  Now,    let  me  stop  there.     Where  would  you 
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find  the  Linux  operating  system?     Free  on  the  internet? 
A  Yes,  sir. 

Q  And  if  you  burned  a  CD  with  a  Linux 

operating  system  on  it,   at  least  on  a  Macintosh  or 
Apple,   Macbook  Pro,   where  would  you  see  evidence  of 
that? 

A  That  would  be  the  disk  utility  log  file. 

MR.   MORROW:     Retrieving  Prosecution  Exhibit 

125. 

I'm  handing  the  witness  Prosecution  Exhibit 

125. 

BY  MR.  MORROW: 

Q  Agent  Shaver,    do  you  recognize  that 

document  ? 

A  Um  — 

Q  Take  a  couple  minutes  to  review  it . 

A  Yes,    sir.     This  appears  to  be  the  disk 

utility  log  file. 

Q  And  did  you  review  this  disk  utility  log 

file? 

A  Yes,    sir;    I  did. 
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Q  When  you  reviewed  it,    did  you  observe  any 

activity  that  would  suggest  that  a  Linux  operating 
system  was  burned  to  a  CD? 

A  Yes . 

Q  Can  you  point  out  multiple  places  or  just 

one  place. 

(Witness  reading.) 
A  There  are  multiple  places,  sir. 

Q  What ' s  the  first  example? 

A  Line  112. 

Q  Okay . 

MR.   MORROW:     Permission  to  publish,  Your 

Honor? 

THE  COURT:     Go  ahead. 
BY  MR.  MORROW: 

Q  I  am  publishing  page  3  of  Prosecution 

Exhibit  125. 

Agent  Shaver,    can  you  explain  the 
information  contained  in  line  112  and  below,  please? 

A  Sure.     Yes,    sir.     On  February  1st,    2010  at 

1317  hours  local  time,   the  burning  image,   the  file  name 
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system  rescue  dash  X8 6— 1.3.5  dot  iso,   it  talks  about 
the  log  file  and  shows  it  preparing  data  for  burning. 
Opening  session.     Writing  session.  Closing. 
Verification.     And  finally  line  129  says  burn  complete 
successfully . 

Q  And  based  on  your  review  of  the  disk 

utility  log,   did  you  observe  or  what  are  the  other 
dates  you  observed,   approximately  observed  a  — 

A  Early  March  2010. 

Q  I'm  publishing  page  8  of  Prosecution 

Exhibit  125. 

Again,   explain  the  information  in  line  365. 
A  Sir,    can  you  slide  that  a  little  further  up 

so  I  can  see  it  further  down? 
Q  Sure . 

A  Other  way. 

Q  Other  way. 

A  Yes,    sir.     Line  365  says  on  March  2nd,  2010 

17:48:51  hours  burning  image  system  rescue  CD  dash 
X86— 1.3.5  dot  iso.     And  then  at  line  382  it  shows  that 
the  burn  completed  successful . 
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Q  Now,    again  what  is  the  dot  ISO  mean? 

A  That ' s  an  image  file  for  a  CD . 

Q  And  how  do  you  know  that,    just  looking  at 

that,   how  do  you  know  that's  a  Linux  operating  system? 

A  I  have  actually  burned  this  disk  to  CD  and 

utilized  it,   viewed  the  contents. 

Q  Now,   let ' s  say  that  you  boot  a  separate 

computer  using  a  CD  with  Linux  on  it,   how  would  you 
view  the  SAM  file? 

A  What  you  do  is  boot  to  CD.     The  operating 

system  would  come  up.     You  would  have  to  basically 
mount  the  hard  drive.     Mounting  is  making  it  accessible 
to  the  Linux  operating  system.     Navigate  to  the  SAM 
file  and  you  would  use  a  hex  editor  to  view  the 
context . 

Q  What ' s  a  hex  editor? 

A  To  view  the  contents  of  Microsoft  Word 

document,   you  would  use  the  program  Microsoft  Word. 
The  SAM  file  is  a  database .      It ' s  a  registry  file . 
It ' s  complicated  file  but  a  hex  editor  can  view  the 
contents . 
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MR.   MORROW:     Retrieving  Prosecution  Exhibit 
130  for  identification. 

People  handing  the  witness  Prosecution 
Exhibit  130  for  identification. 
BY  MR.  MORROW: 

Q  Do  you  recognize  those  images? 

A  Yes,    sir;    I  do. 

Q  And  what  are  they? 

A  These  are  two  screenshots  I  created.  The 

first  one  is  of  a  chat  that  was  recovered  from  PFC 
Manning's  personal  Macintosh.     The  second  is  a 
screenshot  of  the  EnCase  program  of  viewing  the  SAM 
file  from  the  dot  22  computer. 

MR.   MORROW:     Permission  to  publish,  Your 

Honor . 

THE  COURT:     Go  ahead. 
BY  MR.  MORROW: 

Q  Can  you  see  that  Special  Agent  Shaver? 

A  Yes,  sir. 

Q  Let ' s  start  here .     Do  you  see  the  line  that 

says  dawgnetwork  and  there ' s  a  series  of  numbers  and 
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letters  80C1104? 

A  Yes,  sir. 

Q  What  is  that? 

A  That  is  a  hex  value,   a  part  of  the  SAM  file 

from  dot  22  or  dot  40. 

Q  And  how  do  you  know  that? 

A  I  examined  both  computers  specifically  the 

SAM  file  but  the  entire  computer  and  (INAUDIBLE) 
allocated  to  find  the  unique  string  and  it  was  only 
located  within  the  SAM  file  of  the  dot  22  or  dot  40 
computer . 

Q  Based  on  the  presence  of  that  string  of 

numbers  and  characters  in  the  chats,   what  does  that 
tell  you? 

A  Somebody  had  gained  access  to  the  SAM  file 

to  find  that  unique  string. 

Q  Other  than  being  administrator,    is  that  the 

only  way  you  would  be  able  to  gain  access  to  that 
string  of  numbers  and  letters? 

A  There  may  be  some  hacker  tools  out  there 

but  the  most  common  way  would  be  to  use  a  Linux  CD  to 
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do  this . 

Q  Did  you  verify  whether  the  SIPRNET 

computers  associated  with  PFC  Manning  could  be  booted 
from  a  CD? 

A  Yes,    sir.      I  turned  it  back  into  a  virtual 

machine . 

Q  Let's  stop.     What's  a  virtual  machine? 

A  Sir,    again  a  virtual  machine  would  be,  your 

computer  would  be  the  host,    in  my  case  the  Windows 
machine,   but  the  guest  operating  system,   the  virtual 
machine,    could  be  anything,   Linux,   Mac,  Windows. 

Q  And  explain  the  process  of  booting  that  you 

went  through  here . 

A  Very  simple .      I   just  burned  the  same  system 

rescue  CD  that  I  found  on  PFC  Manning's  personal 
Macintosh  computer,   burned  the  CD.     Restored  the  — 
created  the  virtual  machine  and  booted  the  virtual 
machine  from  that  CD . 

Q  Once  you  booted  the  virtual  machine,  what 

did  you  do  next? 

A  I  then  navigated  to  the  SAM  file  and  I  was 
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using  the  hex  editor,   was  able  to  view  the  contents. 

Q  And  ultimately,   why  would  somebody  be 

interested  in  the  contents  of  a  SAM  file?  What's 
contained  in  that? 

A  Again,   users  names. 

MR.   HURLEY:     Objection.     Calls  for 

speculation . 

THE  COURT:     Do  you  know  what's  in  there? 
THE  WITNESS:     Yes,  ma'am. 
THE  COURT:  Overruled. 
A  User  names  and  part  of  a  hash  of  a 

password. 

Q  Finally,   what's  a  rainbow  table? 

A  Rainbow  table.     As  we  talked  about, 

passwords  are  hash  values .     That ' s  how  they  use 
mathematical    (INAUDIBLE)   to  create  hash  table.  Rainbow 
table,   you  regenerate  known  hash  values.     So  you  have 
dictionary  attacks  that  have  already  generated  hash 
value  and  then  you  have  a  program  that  checks  it .  The 
passwords,   the  hash  value  to  see  if  they  match.  It 
would  speed  up  cracking  or  decrypting  passwords . 
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Q  And  why  do  you  use  a  rainbow  table? 

A  It's,   it's  faster  to  decrypt  a  file,  a 

password.     And  in  this  case  you  have  the  hash  value  of 
a  user ' s  account .     The  rainbow  tables  would  be  tailored 
to  attack  that  and  it  would  take  just  moments  on  a  good 
computer  to  crack  a  password. 

Q  And  in  this  case  the  hash  value  80C1104, 

what  was  that  hash  value  associated  with  in  the  SAM 
file? 

A  That's  the  thing,    sir.      In  this  case,  the 

person  who  did  this  only  got  part  of  the  hash  value . 
It ' s  not  quite  right .  But  it  appears  to  be  from  the 
user's  account  FTP  user. 

Q  What  is  the  FTP  user  account? 

A  That ' s  just  a  user  account .      It  was  on  both 

22  and  40  as  probably  part  of  the  original  build  that 
was  pushed  out .     It  would  just  be  another  local  account 
on  the  computer. 

MR.   MORROW:     Your  Honor,   move  to  admitting 
Prosecution  Exhibit  130  into  evidence  as  Prosecution 
Exhibit  130. 
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MR.  HURLEY:  No  objection,  Your  Honor. 
THE  COURT:     Prosecution  Exhibit  130  is 

admitted. 

May  I  see  it,   please?     Thank  you. 
Thank  you  Agent  Shaver . 

THE  COURT:     Cross-examination?     I'm  sorry. 

MR.   MORROW:      I'm  handing  Exhibit  125  back 
to  the  court . 

CONTINUED  RECROSS  BY  MR.  HURLEY: 
Q  Good  afternoon,   Agent  Shaver? 

A  Good  afternoon,  sir. 

Q  Now,   you  just  testified  that  the  hash  value 

that  was  included  in  the  chat  was  not  the  full  hash 
value? 

A  That ' s  correct . 

Q  So  in  order  for  a  person  to  actually  gain 

access  to  the  passwords  contained  in  the  SAM,  they 
would  have  needed  more  of  the  hash  value? 

A  Yes,    sir,    I  mentioned  the  system  file,  you 

would  need  that  part  as  well . 

Q  So  the  hash  value  included  in  the  chat 
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wouldn't  be  enough  to  actually  gain  any  passwords  or 
user  information? 

A  Correct . 

MR.   HURLEY:     No  further  questions.  Thank 

you . 

THE  COURT:  Redirect? 

MR.   MORROW:     No,   Your  Honor. 

THE  COURT :     Temporary  or  permanent  excusal 
MR.   MORROW:     Temporary,   Your  Honor. 
THE  COURT:     Once  again,   you're  temporarily 
excused.     Same  rules  apply. 

THE  WITNESS:     Yes,  ma'am. 

MR.   FEIN:     The  United  States  asks  for  a 
10— minute  recess.     It  went  a  little  faster  than  we 
planned,    just  to  get  the  other  witnesses . 

THE  COURT:     Court  is  recessed  until  ten 
after  1400  or  2:00  o'clock. 

(Recess  taken.) 

THE  COURT:     Please  be  seated.     Court  is 
called  to  order. 

Major,   please  account  for  the  parties. 
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MR.   FEIN:     Yes,   ma'am.     All  parties  are 
present  with  the  exception  of  Captain  Morrow,  Captain 
Whyte  and  Mr .   von  Elten  are  present . 

MR.   Von  ELTEN:     Ma'am,   the  United  States 
calls  Greg  Weaver. 
Whereupon, 

GREGORY  WEAVER, 
called  as  a  witness,   having  been  first  duly  sworn  to 
tell  the  truth,   the  whole  truth,   and  nothing  but  the 
truth,   was  examined  and  testified  as  follows: 

DIRECT  EXAMINATION  BY  MR.   Von  ELTEN: 

Q  Are  you  Greg  Weaver  of  Bristow,  Virginia? 

A  Sir,   yes,    I  am. 

Q  Good  afternoon,   Mr.  Weaver. 

A  Good  afternoon,  sir. 

Q  What  is  your  military  experience? 

A  Sir,    I'm  a  retired  noncommissioned  officer. 

I  retired  in  19*7  as  a  retired  noncombat    (INAUDIBLE) . 
Last  duty  assignment  was  out  of  the  Pentagon. 

Q  What  did  you  do  in  your  last  duty 

assignment? 
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A  In  my  last  duty  assignment  for  the  military 

I  was  the  Army  operations  center  team  lead  working  24/7 
operations  in  the  Army  op  center,  directly  reporting  to 
the  secretary  and  chief  staff  of  the  army. 

Sir,   today  I  lead  a  compliance  branch  team 
of  military  and  civilian  personnel,   the  compliance 
branch  underneath  the  compliance  division  of  Army  Cyber 
Command,   a  newly  formed  organization  to  report  on 
compliance  activities  across  the  Army. 

Q  What  else  does  that  entail? 

A  Sir,   predominantly  we  are  the  reporting 

agency  for  all  inspections,   all  compliance  inspections 
across  the  Army,   the  conduct  of  lessons  learned,  the 
computer  network  defense  service  providing  services 
associated  with  our  Cyber  Mission,   plus  a  number  of 
administrative  duties . 

Q  Mr.   Weaver,   what  is  information  assurance? 

A  Sir,    information  assurance,   the  foundation 

principles  of  information  assurance  is  a  united 
approach  by  which  we  get  after  the  confidentiality, 
integrity  and  availability  non— (INAUDIBLE)   of  systems 
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and  information  systems  and  information  in  general  to 
ensure  its  security  and  reusability  or  usability  within 
the  Army. 

It's  a,   it's  not  a  standalone,   not  a 
standalone  concept  but  it  incorporates  many  facets  of 
other  security  disciplines  and  not  just  information 
assurance . 

Q  What  metrics  do  you  use  to  measure 

information  assurance? 

A  Sir,   there's  many  metrics  to  measure 

information  assurance.     One  of  them  would  be  compliance 
inspection.     One  of  them  would  be  reporting, 
assessments  in  general,   how  well  an  individual  or 
organization  is  evaluated  from  an  operational 
standpoint  as  to  how  well  they  perform  information 
assurance,   using  guidelines,   decision,  standards, 
checklists,   best  practices  and  so  forth. 

Q  How  long  have  you  been  in  this  position? 

A  In  this  position,    sir,    just  over,  since 

November  of  2011. 

Q  What  position  did  you  hold  prior  to  your 
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current  one? 

A  Prior  to  this  I  was  a  contract  support  to 

the  Department  of  Defense  and  the  Defense  (INAUDIBLE) 
Information  Assurance  Program  at  the  DoD  CIO ' s  office 
serving  capacity  as  a  subject  matter  expert  in  the 
areas  of  information  assurance,    computer  network 
defense  and  other  technology  areas  associated  with 
policy  and  procedures . 

Q  How  long  did  you  hold  that  position? 

A  Sir,    it  was  just  over  13  months. 

Q  What  certifications  do  you  possess? 

A  Sir,    currently  I  am  a  Certified  Information 

Systems  Security  Professional  and  SANS  global 
information  assurance  certified  incident  handler. 

Q  What  does  the  CISSP  certification  mean? 

A  Sir,    it's  a,    it's  the  top  level  preeminent 

security  professional,    security  certification  required 
for  information  assurance  professionals  within  the  DoD 
and  it ' s  an  industry  recognized  certificate  for  the 
industry  in  general . 

Q  Why  do  you  have  that  certification? 
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A  Two  reasons .     Professional  respect  and 

responsibility  of  the  professional  so  it  serves  as  an 
indicator  of  the  expertise  and  secondly  it  is  a 
requirement  within  the  Army  if  you  maintain  an 
information  assurance  position  to  hold  such 
certifications  as  they  are  identified  by  your  unique 
description  or  position. 

Q  What  does  your  SANS  certification  signify? 

A  The  SANS  certification  is  a  longstanding 

certification  I  maintained  since  2001.      It  is  the 
certified  information,   it's  a  certificate  of  ability  to 
perform  incident  response,    incident  handling  for 
systems  and  networks  that  have  had  an  intrusion  or 
event . 

Basically  how  to  prepare  for,  respond, 
react  and  follow  up  with  any  system  or  network  that  may 
have  been  intruded  upon  or  events  that  may  have 
occurred  on  the  network. 

Q  How  long  have  you  been  working  in 

information  assurance? 

A  Sir,    since  1998. 
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Q  What  were  you  doing  when  you  began  working 

in  information  assurance? 

A  Sir,   when  I  began  I  originally  started  in 

this  career  field  after  I  retired  from  the  service .  I 
was  a  team  member  of  the  Army  Computer  (INAUDIBLE) 
Response  Team,    contractor  support  in  support  of  the 
Army's  cert  standing  out  and  formalizing  a  brand  new 
organization  to  establish  computer  emergency  response 
processes  within  the  Army  and  across  the  five  theaters 
that  we  had  at  the  time  and  their  cert  procedures  and 
then  as  well  as  or  reporting  to  and  supporting  the 
Department  of  Defense,   DoD,   DIS  and  at  the  time  JTFG 
and  now  Cyber  Command. 

Q  Let ' s  talk  about  AR25 . 

A  Yes. 

Q  Are  you  familiar  with  it? 

A  Yes . 

Q  How? 

A  In  2002  I  began  work  with  the  Army  CIOG6  by 

leaving  the  Army  computer  emergency  response  team  and 
went  to  the  Army  CIOG6 .     My  primary  duties  and 
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responsibilities  when  I  got  there  was  the  authoring  of 
AR25— 2  and  then  predominantly  was  the  sole  author  and 
responsible  for  creating,    staffing,    collaboration  and 
eventually  publication  of  AR25— 2. 

Q  What  version  did  you  write? 

A  The  initial  version  it  was  published  in 

2003  and  then  the  two  subsequent  versions  in  2007  and 
then  the  rapid  action  revision  in  2009. 

Q  And  how  many  versions  are  there? 

A  Currently  2009  rapid  action  revision  is  the 

current  25-2 . 

Q  What  was  the  first  version? 

A  It  was  just  information  assurance  25—1 

dated  2003. 

Q  How  long  did  you  spend  drafting  AR25-2? 

A  I  spent  approximately  nine  months  of 

dedicated  effort  to  creating  and  drafting  the 
regulation  from  the  DoD  and  Army  directives  at  the 
time . 

Q  What  other  documents  related  to  AR25— 2  have 

you  drafted? 
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A  I've  helped  direct  authorship  of 

approximately  best  business  practices  over  the  course 
of  about  four  years  in  2003  to  2007.     Either  the 
principal  author  or  co-author  of  best  business 
practices . 

Q  What  is  AR25-2? 

A  Sir,   AR25-2  establishes  the  standards  and 

processes  and  procedures  by  which  regulatory 
requirements  of  Army  efforts  to  instill  or  to  apply 
information  assurance  practices  for  the  network 
security  across  the  Army. 

Q  To  whom  does  AR25-2  apply? 

A  Sir,   it  applies  to  everybody  and  if  you  sit 

or  —  it  applies  to  all  users .     Obviously  applicable  to 
who  are  responsible  for  filing  AR25— 2,  commanders, 
designating  accredited  officials  are  required  to  follow 
the  rules  and  policies  associated  with  AR25— 2  and  the 
design  of  their  systems  and  incorporate  IA  principals 
in  the  policy,   Army  Reserve,   National  Guard,  medical 
community,    Corps  of  Engineers  and  so  forth.     Applies  to 
everybody  within  the  Army. 
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MR.   Von  ELTEN:      I'm  retrieving  Prosecution 
Exhibit  95  for  identification . 

THE  COURT:     Come  on  up. 
BY  MR.   Von  ELTEN: 

Q  Handing  it  to  the  witness. 

A  Thank  you . 

Q  Do  you  recognize  that  document,   Mr.  Weaver? 

A  Yes  I  do  sir.      It's  AR25-2 . 

Q  What  is  it? 

A  It ' s  a  rapid  action  revision  dated 

March  23,  2009. 

Q  How  do  you  recognize  it? 

A  It  is  the  format  by  which  the  Army 

publishes  Army  regulations .  This  one  is  in  single  page 
format . 

MR.   Von  ELTEN:     Ma'am,   the  United  States 
offers  Prosecution  Exhibit  93  for  identification . 

THE  COURT:      (INAUDIBLE)    is  this  something  I 
took  judicial  notice  of? 

Are  they  already  admitted  or  are  we 
admitting  them  now? 
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MR.   FEIN:     Ma'am,   they  have  not  been 
separately  marked  at  all .     Although  we  have  taken 
judicial  notice  and  the  government  has  the  consolidated 
list  for  the  court  and  has  not  given  that  to  the  court 
yet .     But  none  of  the  items  have  been  printed  or 
marked . 

THE  COURT:     Any  objection,  Defense? 

MR.   HURLEY:     No,  ma'am. 

THE  COURT:     Thank  you.     May  I  see  it, 

please? 

Prosecution  Exhibit  93  is  admitted. 
MR.   Von  ELTEN:     Retrieving  it  from  the 

witness . 

BY  MR.   Von  ELTEN: 

Q  Mr.  Weaver,   let's  talk  about  the  acceptable 

use  policies . 

A  Yes,  sir. 

Q  What  is  an  acceptable  use  policy? 

A  Sir,   an  acceptable  use  policy  is  mandated 

by  DoD  for  all  users  to  acknowledge  and  comply .      It ' s  a 
signature,   with  a  signature.     It  outlines  the 
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procedures  and  the  policies  associated  with  appropriate 
use  of  government  systems  and  on  a  government  network 
or  system  in  general  as  provided  by  the  government  to 
outline  the  standards  and  outline  the  standards  by 
which  users  are  held  accountable  to  conduct  and 
behavior  while  on  or  operating  with  that  system. 

MR.   Von  ELTEN:     Permission  to  publish, 

ma ' am. 

THE  COURT:     Go  ahead. 
BY  MR.   Von  ELTEN: 

Q  Mr.   Weaver,   do  you  recognize  this  section? 

A  I  do,  sir. 

Q  What  is  it? 

A  This  is  one  of  the  subparagraphs  — 

THE  DEFENSE:     We're  going  to  object  based 
on  relevance .     PFC  Manning  is  charged  with  violating 
specific  sections  of  25—2.     This  is  not  one  of  these 
sections . 

THE  COURT:     Where  are  you  going  with  this? 
MR.   Von  ELTEN:     To  establish  the  framework 
by  which  25-2  establishes  acceptable  uses. 
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THE  COURT:      Is  this  going  to  be  a  long 

discussion? 

MR .   Von  ELTEN :     No ,   ma ' am . 

THE  COURT:     All  right.      I'll  overrule  the 
objection.     Go  ahead. 
BY  MR.   Von  ELTEN: 

Q  What  does  the  acceptable  use  policy  do? 

A  So,    sir,   what  you  see  here  is  the  wording 

manner  that  is  prescribed  as  a  requirement  to  access 
any  information  system.      It  is  the  warning  banner  that 
is  part  of  the  display  of  any  users '   access  to 
information  and  the  users  agreement  outlines  the 
standards  by  which  that  access  is  also  permitted  in 
addition  to  the  warning  banner . 

THE  COURT:     Captain  von  Elten,   what  pages 
of  the  regulations  am  I  looking  at? 

MR.   Von  ELTEN:  26. 
THE  COURT:     Thank  you. 
BY  MR.   Von  ELTEN: 

Q  What  uses  does  it  authorize? 

A  That  the  AUP  outlines  the  appropriate  use 
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of  the  information  system  other  than  or  in  addition  to 
the  additional  authorized  use  of  that,   of  that  system 
for  conduct  of  government  business .     This  warning 
banner  also  outlines  that  there ' s  no  expectation  of 
privacy  with  that,   with  the  exception  of  that  which  is 
already  controlled  by  other  policies  such  as  legal  or 
medical  restrictions . 

Q  How  are  government  means    (sic.)  determined? 

A  Means? 

Q  Government  needs  determined? 

A  Usually  by  the  commissioner,   by  the  command 

or  by  the  organization  that  owns  that  system  or  has 
accredited  that  system  for  use  decides  or  determines 
what  that  need  is,  sir. 

Q  Are  AUPs  required? 

A  They're  required. 

Q  How  long  have  they  been  required? 

A  Since  that  Regulation  25—2.     This  version 

was  a  rapid  action  revision  because  of  the  requirement 
by  DoD  to  change  the  mandate,   the  acceptable  use.  So 
in  2009  this  RAR  was  published. 
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Q  Why  are  AUPs  used? 

A  The  AUPs  are  basically  an  agreement  between 

the  government  or  the  organization  and  the  user. 

The  user  signs  it  understanding  that  the 
rules  and  responsibilities  they  have  on  that  network 
are  the  rules  and  responsibilities  that  they  have  in 
the  performance  of  their  duties  as  well  as  acknowledge 
their  responsibility  and  when  authorized,   when  you  can 
use  the  government  system  for  nonof f icial  use . 

However,   but  it's  still  authorized  such  as 
NWR  support  or  e-mail  to  a  user,    civilian  web  mail  or 
something  like  that . 

Q  What  does  AR  paragraph  1-5 J  prohibit? 

A  Sir,    1—5 J  prohibits  or  specifically 

prohibits  actions  and  functions  within  the  Army 
associated  with  the  use  of  information  systems  and  IA 
principles . 

Q  What  are  code  examples? 

THE  DEFENSE:     We're  going  to  object  again. 
This  man  is  not  charged  with  violating  that  division  of 
AR25-2 . 
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THE  COURT:     Then  why  are  we  discussing  it? 


MR.   Von  ELTEN:     Establishing  framework, 


Your  Honor.     My  last  question. 


THE  COURT:     All  right.     Go  ahead. 


A 


Your  question  again,  sir? 


Q 


A  few  examples .     What  are  a  few  examples  of 


activities  prohibited  in  1-5J? 


A 


So  those  violations  are  covered  in  the 


regulation  in  bolded  text  throughout  the  regulation 
specifically.     Some  violations  would  be  unauthorized 
use  of  the  system,    installing  or  downloading  or 
accessing  information,    installing  or  downloading 
software,   accessing  information  which  is  outside  the 
control  or  boundaries  of  authorized  use,    failure  to 
scan  systems  for  malicious  content,  uploading 
personnel,   personnel  files  or  personal  content  that  is 
not  DoD  related. 

Q  Let ' s  talk  about  information  assurance 

training. 

A  Sure . 

Q  Are  you  familiar  with  information  assurance 
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training? 

A  I  am. 

Q  How  are  you  familiar  with  it? 

A  Both  as  a  user  I  am  required  by  the  same 

policy  to  take  training  every  year  and  as  a  SME  for  IA 
within  the  Army  I've  contributed  to  some  of  the  content 
associated  with  the  initial  versions  of  the  information 
assurance  training. 

Q  What  policies  required  IA  training? 

A  The  AR25— 2  requires  training  on  an  annual 

basis .     DoD  also  requires  as  part  of  their  policies 
that  all  users  within  the  Department  of  Defense 
conducting  information  assurance  training  annually. 

Q  How  does  a  user  complete  his  obligations  to 

complete  information  assurance  training? 

A  Both  the  Army  and  the  DoD  have  instituted 

online  CPT  based,    computer  based  training,    so  it ' s 
accessible  through  the  web.     So  it's  very  easy  to 
accomplish . 

Q  What  does  it  take  to  accomplish  that? 

A  Log  on  with  the  website,   go  through  the 
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scenario— driven  computer  based  training.     You  have  a 
certificate  at  the  end  of  it  that  you  digitally  sign  or 
print  it  out  and  sign. 

Q  What  does  it  take  to  earn  that  certificate? 

A  Completion  of  the  training,  sir. 

So  you  have  to  answer  at  least  10  questions 
or  20  questions,    I'm  not  sure  what  it  is  at  the  end  of 
the  test  and  you  obviously  have  to  pass  or  you  have  to 
do  it  again . 

Q  And  how  long  has  this  training  been 

required? 

A  The  training  within  the  Army  has  been, 

since  before  2009  when  DoD  instituted  the  DoD  level 
training,   the  Army  adopted  the  DoD  training  and  just 
used  that  as  a  standard. 

Q  What  work  did  you  do  in  developing  IA 

training? 

A  So  prior  to  the  DoD  integration  — 

THE  COURT:  Yes? 

THE  DEFENSE:     Your  Honor,   we  object  on 
relevance  and  we  would  also  ask  the  judge  to  take 
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judicial  notice  of  DoD  IA  training  as  completed  it  a 
number  of  times . 

THE  COURT:     Where  are  we  going  with  this? 

MR.   Von  ELTEN:     Ma'am,   United  States  is 
offering  this  for  evidence  of  PFC  Manning's  knowledge 
because  he  completed  IA  training  and  we ' re  going  to 
discuss  the  contents  of  the  training  he  would  have 
completed. 

THE  COURT:     Which  of  these  specifications 
has  a  knowledge  element? 

MR.   Von  ELTEN:     Ma'am,   the  104 
specification  requires  knowledge.     He  did  complete  the 
training . 

THE  COURT:     This  training  is  relevant  to 
the  104  specification? 

MR.   Von  ELTEN:     Yes,  ma'am. 

THE  COURT:     All  right.     Make  it  —  go  ahead 
and  make  it,   make  it  brief  on  this  portion,  okay. 
MR.   Von  ELTEN:     Yes,  ma'am. 
I'm  retrieving  Prosecution  Exhibit  7. 
THE  COURT:  Overruled. 
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BY  MR.   Von  ELTEN: 

Q  Mr.   Weaver,   do  you  recognize  these  CDs? 

A  Yes,    sir.     These  are  two  DoD  information 

assurance  IA  training  CDs  by  DoD  and  downloadable. 
It's  also,   you  can  order  through  the  DoD  for  use 
remotely  or  as  needed  by  users .     So  this  is  also  an 
acceptable  way  to  do  the  training. 

Q  What  versions  are  they? 

A  2000  —  Version  7  and  Version  8. 

Q  And  how  do  you  recognize  those? 

A  Sir,   they're  identified  by  the  version 

number  at  the  bottom  corner  of  the  CDs . 

Q  How  do  you  know  the  contents  of  the  CDs? 

A  The  contents  of  the  CDs  are  basically  the 

web  pages  in  the  CD  format .  They ' re  the  same  I A 
training  that  was  applicable  at  the  years  or  the 
versions  these  were  published. 

Q  Have  you  seen  those  CDs  used? 

A  Yes,    sir,    I  have.      I  have  a  copy  of  my  own. 

Q  With  those  specific  CDs? 

A  The  Version  8,   yes,  sir. 
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MR.   Von  ELTEN:     Ma'am,   United  States 
offers  —  it's  already  been,  sorry. 
BY  MR.   Von  ELTEN: 

Q  What  kind  of  threats  does  that  information 

assurance  cover,   the  training? 

A  Sir,   the  IA  training,    it  covers  a  multitude 

of  issues.     One  of  them  being  user  training,  user 
password,   security.     Security  classified  information. 
Army  phishing  or  phishing  threats,    general  threats  in 
particular  through  a  variety  of  different  methods  that 
users  might  be  suspect  to  or  receive  e-mail  threats, 
viruses,  malware  and  so  forth. 

Q  What  kind  of  outside  threats  are  identified 

in  the  training? 

A  Specifically,    some  of  the  outside  threats 

would  be  just  factors,   trying  to  do  phishing  attacks  or 
other  similar  attempts  to  gain  access  networks  through, 
through  malware  or  digital  e-mail  or  phishing,  calling 
you  up  on  the  telephone .     So  both  physical  security  and 
technical  security  or  IT  security. 

MR.   Von  ELTEN:     Retrieving  Prosecution 
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Exhibit  7.     Returning  this  to  the  court  reporter. 
BY  MR.   Von  ELTEN: 

Q  Let ' s  talk  about  some  of  those  I A  threats 

you  identified. 

Let ' s  talk  about  the  bad  content  in 

particular . 

MR.   VonElten:     Permission  to  publish,  Your 

Honor? 

THE  COURT:     Go  ahead. 
BY  MR.   Von  ELTEN: 

Q  This  is  page  22,   Prosecution  Exhibit  93. 

Do  you  recognize  this,   Mr.  Weaver? 
A  Yes,    I  do,  sir. 

Q  What  does  paragraph  4— A3  prohibit? 

A  Sir,    4— A3  prohibits  the  modification  of 

information  system  for  the  software  to  use  it  for  any 
manner  other  than  intended  purpose  or  added  user 
configurable  or  unauthorized  software  such  as  and  not 
limited  to  instant  messaging,    commercial  internet  chat, 
(INAUDIBLE)    environments  where  you  allow  your  system  to 
be  used  by  somebody  else  and  those  are  descriptive  in 
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nature  or  examples,   not  all  inclusive. 

Q  What  is  the  purpose  of  the  prohibition? 

A  Sir,   the  intent  of  this  prohibition  was  to 

prevent,    clearly  identify  the  prohibition  of  users 
without  proper  authority  to  add  application  software  or 
other  content  to  assist  by  which  is  not  accredited  and 
processed. 

Q  And  who  has  the  authority  to  make  those 

changes? 

A  Sir,   the  authorities  to  make  those  changes 

would  be  an  authorized  system  administer  who  has  been 
given  the  responsibility  to  change  that  system  for 
compliance  to  vulnerabilities  or  patching  as  it ' s  known 
or  a  DAA,   designating  accrediting  authority,   who  has 
determined  the  appropriate  software  that ' s  authorized 
to  be  installed  on  a  network  or  on  a  system  by  which 
users  can  use  that  piece  of  application  or  piece  of 
software . 

And  then  commander  obviously  has  some  of 
that  responsibility  as  well. 

Q  What  kind  of  modifications  are  prohibited? 
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A  Sir,   there's  a  number  of  modifications  that 

are  prohibited.     Usually  anything  that  the  user  would 
do  that  would  violate  the  integrity  of  the  system  is 
prohibited. 

And  the  installation  of  unauthorized  or 
unaccredited  software  for  which  no  risk  analysis  has 
been  done  or  no  acceptance  of  that  risk  has  been  done, 
that  would  be  prohibited. 

Sharing  the  information  or  sharing  your 
computer  information  or  at  the  time  user  ID  and 
passwords  with  another  individual  would  be  prohibited 
action  as  well.     Sir,   that's  just  — 

Q  Just  broadly,   what  is  the  process  for 

adding  software? 

A  For  a,    for  a  user  or  for  — 

Q  For  a  user. 

A  So  for  a  user,    sir,   the  process  would  be  if 

you've  identified  a  need,   you  would  ask  your  IT  support 
specialist,   whoever  that  might  be,   your  system  or 
network  administrator,   your  supervisor,    justifying  the 
requirement  that  you  have  a  requirement  to  fulfill  and 
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you  don't  necessarily  get  to  dictate  the  solution,  you 
dictate  or  you  ask  for  the  requirement  and  allow  the 
system  network  administrators,   the  ID,   the  commander 
and  the  DAA  to  determine  the  method  by  which  the 
requirement  is  filled. 

So  users  don't  specify,   normally  don't 
specify  a  specific  use  of  a  piece  of  software .  They 
can  make  recommendations  but  it ' s  still  the 
determination  of  the  commander . 

Q  What  defines  the  limits  of  a  user's 

authorization  to  use  a  government  information  system? 

A  The  limit  is  imposed  by  obviously  his  duty, 

his  responsibility  associated  with  why  he  needs  access 
to  the  system  or  limited  access  to  the  system  and/or 
his  responsibility  associated  with  that  action  or  maybe 
part  of  his   job  and  requires  access  to  information 
technology  on  the  daily  occurrence  of  his  mission. 

Q  Who  determines  the  parameters  of  the 

mission? 

A  Commanders  establish  the  parameters  and 

supervisors  where  they  may  fall  in,   establish  those 
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parameters 


Q 


Whose  account  is  a  user  allowed  to  use? 


A 


Only  to  be  used  by  the  user. 


Q 


What  permission  levels  does  a  user  normally 


receive? 


A 


Generally  permission  of  a  normal  user  is 


basically  read  accessibility  to  use  a  system  as  it  was 
configured  with  whatever  permissions  or  roles  that  the 
system  has  or  they  use  it  like  the  applications  like 
Microsoft  Office  ability  to  create  work  files,  to 
create  Excel  spreadsheets  and  so  forth.     So  he  or  she 
has  been  given  those  roles  and  responsibilities  to  use 
the  technology  as  it  was  designed  or  as  it  was 
provided. 

Q  Let ' s  talk  a  little  bit  about  insider 

threats . 

A  Yes,  sir. 

Q  What  is  paragraph  AR25— 2  paragraph  4— 5A4C? 

A  So  the,   this  paragraph  outlines  the 

prohibition  by  normal  users  or  those  not  authorized  to 
conduct  this  activity  to  bypass  or  circumvent  the 
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security  parameters  that ' s  been  installed  or  part  of  a 
operation  or  part  of  the  design  of  the  system. 

Q  How  does  a  user  bypass  those  mechanisms? 

A  Traditionally  as  a  incident  he  would  have 

to  or  she  would  have  to  install  or  modify  the  system  in 
some  way  in  order  to  allow  them  to  elevate  the 
privileges  on  that  computer  so  they  can  gain  access  to 
the  box  at  a  higher  level  or  privileged  level  or,  you 
know,    somebody  has  granted  them  unauthorized  access. 

Q  What  are  a  couple  of  ways  a  user  could 

bypass  those  mechanisms? 

A  So  there ' s  a  number  of  ways .     One  would  be 

obviously  to  install  a  piece  of  software  or  application 
or  coding  that  would  change  the  authorization  level  of 
his  system.     Another  way  would  be  to  find  applications 
or  capabilities  that  would  elevate  his  privileges 
without  changing  the  access  control  process  and 
enabling  him  to  do  more  than  he  would  be  authorized  to 
do,   or  coerce  somebody  to  change  it  for  him,   you  know, 
as  a  friend  or  as  a  unauthorized  action  or  part  of  the 
system  network  demeanor  to  grant  him  — 
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Q  What  effect  would  using  a  bootable  CD  have? 

A  A  bootable  CD  could  have  numerous  effects . 

It  depends  upon  how  the  CD  was  written  or  crafted. 
Obviously  could  quickly  change  the  access  (INAUDIBLE) 
controls  of  the  user  giving  him  elevated  privileges . 

Q  What  if  the  bootable  CD  used  a  different 

type  of  operating  software? 

A  It ' s  feasible  to  get  access  to  the  system 

such  so  that  it  would  circumvent  the  security  and 
controls  of  the    (INAUDIBLE) . 

Q  Mr.  Weaver,   what  tools  can  be  automated  on 

a  computer  system? 

A  What  tools  can  be  automated? 

Q  Yes,  sir. 

A  Pretty  much  anything  you  want  to  do  on  a 

computer  system  could  be  automated  if  you  had  the  right 
tools  to  craft  the  software  or  application  to  do 
whatever  you  needed  to  do. 

Q  What  tools  can  a  user  add  to  automate  a 

process? 

A  Sir,   what  tools  can  a  user  add  to  automate 
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a  process  surrounding  those  tools  by  which  he  has 
access  to,    for  example  Excel.     He  would  automate  the 
extraction  or  the  publication  of  content  from  a 
spreadsheet  for  example  on  a  regular  basis .     Or  other 
tools  that  might  be  that  allows  the  automation  to  occur 
in  an  automated  manner.      It  does  not  equate  to  his 
ability  to  install  applications  or  software  which  would 
automate  those  tasks  for  him  without  the  system  network 
administrator  giving  that  approval  or  DAA  giving  that 
approval  to  do  that . 

Q  Mr.   Weaver,   are  you  familiar  with  Wget? 

A  I  am  vaguely  familiar,  yes. 

Q  How  does  it  work? 

A  As  I  understand,   Wget  is  basically  an 

application  that  allows  you  to  download  files  or  do 
entire  content  downloading  of  a  website  and/or  an  FTB 
site  in  an  effort  to  gather  all  the  information  from 
that  site,   basically  mirroring  a  site,    copying  the 
whole  site  local  to  a  local  drive  or  whatever . 

Q  When  is  a  user  allowed  to  add  Wget? 

MR.   TOOMAN:     Your  Honor,   we'll  object  to 


Provided  by  Freedom  of  the  Press  Foundation 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 


UNOFFICIAL  DRAFT  -  6/12/13  Afternoon  Session 


personal  knowledge  of  Wget . 

THE  COURT:  What  are  you  objecting  about? 
The  witness  said  he  was  familiar  with  it . 

MR.  TOOMAN:  Well,  like,  we  would  like  to 
explore  how  the  witness  is  familiar  with  Wget  and  the 
extent  of  the  familiarity. 

THE  COURT:     You  can  do  that  on 
cross— examination . 
BY  MR.   Von  ELTEN: 

Q  Mr.   Weaver,   what  does  paragraph  4— 17A 

state? 

A  I  don't  have  that  one  memorized,  sir. 

Q  Is  there  anything  that  can  refresh  your 

memory? 

A  Just  the  leading  sentence,  sir. 

THE  COURT:     Why  don't  you  publish  it. 

MR.   Von  ELTEN:  Okay. 
A  Sorry,    I  don't  have  them  all  memorized.  I 

used  to  but  not  anymore . 

So  your  question  again  sir,    I'm  sorry. 
Q  What  is  the  purpose  of  paragraph  4-1 7A? 
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MR.   TOOMAN:     We'll  object  to  the  relevance. 
Again  PFC  Manning  is  not  charged  with  violating  4—17 . 

THE  COURT:     Where  are  you  going  with  this? 

MR.   Von  ELTEN:     Ma'am,    going  with  this  that 
the  user  of  the  government  system  has  a  personal 
responsibility  to  follow  the  rules  and  this  is  an 
example  of  the  rule . 

THE  COURT:     Are  we  going  to  go  through 
every  paragraph? 

MR.   Von  ELTEN:     Ma'am,   this  is  the  last 

paragraph . 

THE  COURT:      It  is? 

MR.   Von  ELTEN:     Yes,  ma'am. 

THE  COURT:     Okay.     Keep  it  that  way. 
A  So  to  answer  your  question,    sir,  this 

paragraph  allows  responsibility  associated  with 
protecting  media,    retrieving  or  inserting  from  the 
information  system,    or  any  removable  media  or  CD  is 
inserted  and  removed  from  a  classified  system  should  be 
treated  as  such  until  such  time  it  is  properly  cleared 
by  the  appropriate  person  or  personnel . 
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Q  How  does  personal  responsibility  affect 

implementation  of  AR25— 2? 

A  The  users  are  INAUDIBLE) ,   the  base,  the 

person  with  responsibilities  for  conduct  of  security 
information  and  information  systems  relies  upon  the 
user  to  do  the  right  thing  many  times . 

Technology  is  advancing  rapidly.  Policy 
doesn't  always  keep  up  with  the  technology.     So  with 
the  guidance  of  the  user,   the  user  has  the 
responsibility  and  it ' s  entrusted  to  him  and  not  to 
exceed  the  authorities  and  not  exceed  their  permission 
and  to  protect  that  information  and  any  information 
systems  by,   that  they  do  business  on  and  to  report  any 
anomalies  or  violations  that  they  may  see  to  their 
appropriate  security  officials . 

Q  Mr.   Weaver,   when  is  the  user  allowed  to 

install  Wget? 

A  Never,    sir.     That  user  wouldn't  have  those 

permission . 

MR.   Von  ELTEN:     Returning  Prosecution 
Exhibit  93  to  the  court  reporter. 
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Nothing  further . 

THE  COURT:  Cross? 

MR.   TOOMAN:     Yes,  ma'am. 

CROSS-EXAMINATION  BY  MR.  TOOMAN: 
Q  Good  afternoon,   Mr.  Weaver. 

A  Good  afternoon,  sir. 

Q  Mr.  Weaver,   do  you  know  what  an  executable 

file  is? 

A  Yes,  sir. 

Q  What  is  it? 

A  It's  a,   an  executable  file  would  allow  for 

a  program  application  to  run  its  directions  or 
instructions  by  the  system  that  would  execute  that  file 
or  program,    instructions . 

Q  Okay.     Do  you  know  whether  or  not  the  S2 

section  of  PFC  Manning's  unit,    C210  Mountain  Division, 
do  you  know  whether  or  not  they  permitted  executable 
files  to  be  run  on  their  — 

A  I  do  not  know  that  answer . 

Q  Sir,   you  talked  a  little  bit  about  the  IA 

training  and  threats  that  are  discussed  within  that 
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training.     Is  al— Qaeda  discussed  specifically  in  that 
training? 

A  There  are,   the  foreign  threats,    sir,  are 

discussed  in  the  current  versions  of  the  training.  I 
don't  remember  if  it  was  in  previous  versions  but  they 
do  talk  to  —  usually  state  your  foreign  actors  in  the 
training  so,   you  know  just  another  series  of  bad  guys. 

Q  Okay.     To  the  extent  you  can  remember  those 

past  versions,   are  those  foreign  groups  just  grouped 
generally  or  are  they  specifically  listed? 

A  They  are  specifically  listed  by  activists, 

activists,  hacker,  insider  threat,  foreign  state.  So 
there's  a  number  of  them.  I  don't  remember  the  exact 
numbers .     There ' s  a  group . 

Q  So  those  are  broad  categories,   they  don't 

get  specific  for,   example,   and  say  al-Qaeda? 

A  No,   that  would  cross  some  of  the  boundaries 

of  potentially  classified  or  extremely  sensitive 
information.     Obviously  the  CDs  are  not  designed  for 
those . 

Q  So  based  on  that  answer,    I  assume  that  they 
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don't  specifically  mention  al— Qaeda  in  the  Iranian 
peninsula  either? 

A  I  don ' t  believe  they  do . 

Q  And  you  would  say  that  the  IA  training  also 

doesn't  discuss  whether  or  not  specific  groups  use  the 
internet,   particular  internet  sites? 

A  I  —  so  as  a  general  user  you  probably 

would  not  make  that  inference  as  an  IA  guy  with  access 
to  classified.     You  could  say  that's  easily  seen  in  the 
videos . 

Q  But  the  training  doesn ' t  say  al-Qaeda  uses 

WikiLeaks? 

A  No. 

Q  Or  al-Qaeda  uses  ESPN.com? 

A  Not  that  I  know  of,   no,  sir. 

Q  Now,   you  talked  about  AR25— 2  and  the 

punitive  paragraphs  and  the  purpose  of  AR25— 2  was  to 
give  some  teeth  to  the  IA  regulation,  correct? 

A  That  is  a  true  statement.     Yes,  sir. 

Q  And  while  its  intention  was  to  give  teeth 

you  would  also  say  that  AR25-2  is  open  to 
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interpretation? 

A  As  all  regulations  are,    sir.     They  are  open 

to  interpretation,   yes,  sir. 

Q  And  indeed  AR25— 2  from  your  view  is  a 

regulation  that  really,   the  decisions  about  what's 
authorized  and  what ' s  not  authorized  should  be  made  at 
the  unit  level,  correct? 

A  No,    sir.      I  disagree.     The  AR25— 2  redlines 

standard  Army  practices  and  principles  by  which  a  IA 
should  be  conducted  understanding  it  is  a  part  of  the 
antisecurity  domain,   not  just  a  piece  of  the  security 
functions.      It  incorporates,   you  know,   the  guidance  and 
the  responsibility  that  it's  not  just  one  thing. 

Q  So  AR25-2  sort  of  provides  a  baseline 

standard? 

A  Yes,  sir. 

Q  You  would  agree,   though,   that  a  commander 

in  a  unit  could  deviate  from  AR25— 2? 

A  A  commander  by  his  position  would  have  the 

authority  to  do  so  but  he  would  do  so  with  the  advice 
and  understanding  of  his  security  staff,   his  G6  staff, 
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his  intelligence  staff.     It's  not  a  decision  he  would 
execute  unknowingly  or  without  merit  and  he  could  still 
be  subject  to  a  higher  level  authority  which  he  would 
have  to  rescind  that  authorization. 

Q  So  the  individual  would  consider  kind  of 

the  pros  and  cons  and  if  they  deviated  from  AR25— 2  they 
would  assume  some  risk? 

A  Yes,    sir.     But  in  my  experience  that  risk 

is  usually  surfaced  at  a  higher  level  to  ensure  that  it 
doesn't  impose  a  greater  risk  across  the  enterprise  or 
across  the  Army.     So  in  my  experiences  dealing  with 
exceptions  or  waivers  to  AR25— 2  it  is  always  done  in 
concert  with  the  commander  and  not  solely  by  the 
commander.     He  makes  those  decisions  with  the  advice  of 
not  only  the  local  staff  but  higher  core  staff  and  many 
times  at  the  Army  level . 

Q  You  would  agree  that  a  deviation  from 

AR25— 2,    if  there  were  a  deviation  and  a  commander  or  a 
supervisor  had  approved  it,   you  wouldn't  hold  an 
individual  responsible  under  AR25— 2  in  a  situation 
where  the  chain  of  command  had  said  it ' s  okay  for  you 
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to  do  that? 

A  I'm  not  sure  of  the  question.  The 

command  —  so  if  the  user,   if  the  user  followed  due 
process  and  requested  the  appropriate  action  and  the 
leadership  has  approved  that  action,   then  it's  the 
leadership ' s  responsibility  obviously  to  manage  and 
monitor  that  action  or  request . 

Q  So  if  a  junior  soldier  was  told  by  his 

supervisor  or  his  chain  of  command  that  something  was 
allowed,   you  would  expect  the  junior  soldier  to  rely 
upon  the  chain  of  command? 

A  Yes,  sir. 

MR.   TOOMAN:     One  moment,  please. 
BY  MR.  TOOMAN: 

Q  Mr.   Weaver,   what  is  your  understanding  as 

to  whether  or  not  music  would  be  permitted  to  be  stored 
on  a  system? 

A  You  want  the  regulation  answer  or  my 

opinion,  sir? 

Q  Let ' s  go  with  the  regulation  answer . 

A  Okay . 
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(Laughter . ) . 

A  So  the  answer  would  be  there  should  be  a 

process  in  place  by  which  a  commander  authorized  those 
activities  or  actions  for  which  they  would  support  WMOR 
or  health  and  welfare  and  morale  associated  with  his 
environment .      It  is  not  arbitrary  do  as  you  want  to  do 
or  do  whatever  you  want  to  do  process.     It  should  be 
requested. 

It  should  be  a  process  by  which  it  is 
approved  and  the  manner  in  which  it  is  approved  is 
followed  every  time  and  obviously  enforced  when  it  is 
not  followed. 

Q  Sure.     So  a  commander,    if  authorizing 

music,  would  go  through  the  process  that  you  described. 
But  the  language  of  25—2  wouldn't  allow  for  music  to  be 
stored  on  a  system,  correct? 

A  The  intent  of  AR25— 2  is  not  to  allow  music 

on  a  network  due  to  the  fact  that  it ' s  copyright  laws 
for  one  and  secondly  it  is  potentially  wrought  with 
malware  on  the  CDs  that  you  would  upload  from. 

Q  You  said  the  same  is  true  of  games? 
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A 


Yes,    sir.  Absolutely. 


Q 


What  about  executable  files? 


A 


Absolutely . 


Q 


Now,   let's  go  into,   that  was  the  regulation 


answer . 


What 


s  the  reality? 


A 


So  the  reality  is  commander  has  a 


responsible  for  health  and  welfare  of  his  networks  and 
of  his  soldiers.     So  as  such,   there  should  be  a  policy 
or  opportunity  by  which  it  is  done  correctly  in 
mitigating  the  risk  associated  with  those  activities . 


technically  feasible  ways  by  which  your  infrastructure 
guys  and  security  guys  and/or  gals,    I  apologize  to  the 
ladies  in  the  room,    sorry,   and  your  security  folks  can 
implement  those  control  measures  to  mitigate  the  risk 
associated  with  that  kind  of  service.     Or  outright 
prohibit  look  at  alternatives  to  satisfy  the 
requirement  if  they  have  one . 


The  copyright  problem  aside,   there  are 


MR.   TOOMAN:     Thank  you,   Mr.  Weaver. 


THE  COURT: 


Redirect? 
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REDIRECT  EXAMINATION  BY  MR.   Von  ELTEN: 
Q  Mr.  Weaver,   what's  the  difference  between 

introducing  a  system  and  storing  a  system  or  storing  a 
file  and  introducing  a  file  to  a  system? 

A  Storing  a  file  is  anything,    it  encompasses 

a  number  of  things.     One,   where  the  file  was  originally 
created  or  stored,  moved,    like  a  file  server  or  a 
location  by  which  you,   a  user  had  access  to,  copying 
from  your  C  drive  to  a  network  drive,    for  example. 

Introducing  a  file  or  executable  would  be 
not  necessarily  something  that  would  be  execute  — 
would  be  installation  through  a  software  —  I'm  sorry, 
through  a  hardware,   USB  token  or  a  CD  or  downloading  a 
file  that  has  dutiable  in  it  that  would  change  the 
configuration  of  the  system  or  had  malicious  conduct  or 
intent  mind  that  system  itself. 

So  I'm  not  sure  if  I  answered  your 

question . 

Q  Are  the  two  treated  differently  under  25—2? 

A  Yes,  sir. 

Q  How  are  they  treated? 
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A  So  the  user,    so  a  file  on  a  network  or 

creation  of  a  file  on  a  network  and  moving  documents 
and  so  forth  would  be  authorized.     Traditionally  users 
do  not  have  the  authority  —  users  do  not  have  the 
authority  to  do  executable  files.     That's  what  system 
and  network  administrators  are  for,   people  that  are 
trained  to  understand  the  impact  of  what  many 
variations  or  executables  are  and  the  impact  to  them. 
Why  malware  is  bad,   why  CDs  are  bad  because  they  could 
contain  malicious  content,   executables,   not  just  the 
files,   the  music  that's  on  that  CD,    for  example. 

MR.   Von  ELTEN:     Thank  you. 

MR .   TOOMAN :     No ,   ma ' am . 

THE  COURT :      I  have  a  couple  of  questions . 
EXAMINATION  BY  THE  COURT: 
Q  Is  the  administrator  privilege  and  user 

limitations,   are  they  consistent  throughout  the  Army? 
A  The  standard,   yes,   ma'am.     Yes,   they  are. 

Q  So  did  I  understand  your  testimony  that  a 

user  of  a  Department  of  the  Army  computer  could  not 
load  Wget  on  that  computer? 
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A  If  configured  correctly,   that  would  be  a 

true  statement,   ma'am.     You,   as  a  user,   cannot  load 
Wget  on  that  system.     You  would  not  have  those 
permissions . 

If  I  may  continue. 
Q  Yes. 

A  Having  accessibility  doesn't  equate  to 

authorization.     So  a  user  wouldn't  have  the 
authorization  to  do  that  executable.     Or  to  load  that 
Wget .     That  would  be  a  system  and  network 
administrator . 

Q  Say  that  once  —  having  ability  doesn ' t 

equal  authorization? 

A  Yes,   ma'am.     That's  a  fundamental  principle 

of  25-2. 

Q  In  the  training  that  you  discussed  in  the 

CDs,   does  that  tell  users  that? 
A  Yes,  ma'am. 

Q  So  if  a  user  goes  on  the  internet  or  is, 

sends  an  e-mail  with  some  kind  of  an  attached  movie  or 
clip  or  something  like  that,    is  that  considered  an 
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executable  file? 

A  Many  times  it  can  be,   yes,  ma'am. 

Q  So  if  the  user  clicks  on  the  clip,    is  that 

a  violation  of  AR25-2? 

A  By  policy,   yes,  ma'am.     Because  you  have  no 

idea  what  the  content  of  that  movie  file  may  contain . 
It  should  be  reported  as  a  potential  security  violation 
or  an  attempt  by  somebody  to  do  malicious  activity  on 
your  network . 

Q  I  guess  that ' s  back  to  my  original 

question.     When  machines,   when  users  are  on  Army 
machines  normally  if  the  user  tries  to  install 
something  they ' re  not  allow  to  install ,   don ' t  they  get 
the  box  that  says  they  have  to  have  the  administrator 
privileges? 

A  Yes,   ma'am.     Many  times. 

Q  But  not  always? 

A  But  based  on  how  —  clicking  on  the  link  in 

the  e-mail  may  contain  malicious  content  that  might 
load  onto  the  computer  but  may  not  execute  until  the 
next  time  you  log  off  and  log  back  on,    for  example.  Or 
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other  actions  that  circumvent  the  security  parameters 
of  that  system. 

So  the  user  would  click  on  a  link,   the  code 
would  execute,   he  would  not  see  those  pop— ups  or  may 
not  see  those  pop-ups .     And  then  your  system  is 
compromised.     Not  all  actions  are  identified  by  the 
system  when  you  install  or  maliciously  accessed  content 
that  might  be  sent  to  you. 

Q  Assume  there  is  mission  related.  Someone 

sends  a  video  or  someone  sends  some  kind  of  a  file  that 
you  open  and  execute.     Is  the  user  prohibited  from 
doing  that? 

A  No,   ma'am.     But  it's  usually  part  of  the 

operational  process  by  which  the  process  itself,  the 
control  mechanisms  are  in  place  and  the  process  has 
been  validated  to  be  either  safe  or  approved.  So 
sending  UA  video  from  side  A  to  B  or  moving  a  file  from 
side  A  to  B  that ' s  a  UAV  video  would  be  operation  and 
so,   you  know,   double  clicking  on  that  executed  is,  is 
approved  or  authorized. 

THE  COURT:     Any  questions  based  on  mine? 
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MR.   Von  ELTEN:     Nothing,   Your  Honor. 
MR .   TOOMAN :     None . 

THE  COURT:     Temporary  or  permanent  excusal? 

MR.   Von  ELTEN:  Temporary. 

THE  COURT:     You  are  temporarily  excused. 
Please  don't  discuss  your  testimony  with  anyone  other 
than  the  lawyers  and  the  accused  while  the  trial  is 
going  on. 

THE  WITNESS:     Absolutely,   ma'am.  Thank 

you . 

MR.   FEIN:     Your  Honor,   the  United  States 
offers  to  read  a  stipulation  into  the  record.     This  is 
Prosecution  Exhibit  80. 

Stipulation  of  expected  testimony  for 
Mr.   Doug  Schasteen  dated  9  June  2013. 

(Whereupon,   Prosecution  Exhibit  80, 
stipulated  testimony  of  Doug  Schasteen,   was  read  into 
the  record.) 

MR.   FEIN:     United  States  moves  to  admit 
Prosecution  Exhibit  114  for  identification  as 
Prosecution  Exhibit  114. 
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THE  COURT:     Any  objection? 

MR.   COOMBS:     No  objection,   Your  Honor. 

THE  COURT:     Prosecution  Exhibit  114  is 

admitted. 

MR.   Von  ELTEN:     Ma'am,   the  United  States 
calls  Mark  Kitz  to  the  stand. 
Whereupon, 

MARK  KITZ, 

called  as  a  witness,   having  been  first  duly  sworn  to 
tell  the  truth,   the  whole  truth,   and  nothing  but  the 
truth,   was  examined  and  testified  as  follows: 
EXAMINATION  BY  MR.   Von  ELTEN: 

Q  Are  you  Mark  Kitz  of  Aberdeen,  Maryland? 

A  Yes . 

Q  Where  do  you  work? 

A  I  work  at  Aberdeen  Proving  Ground  in 

Maryland  at  the  Program  Executive  Office  Intelligence 
Electronic  Warfare  Surveillance  Program  Manager 
Distributed  Common  Ground  System  Army. 

Q  What  is  your  educational  background? 

A  I  have  a  bachelor ' s  degree  from  Lafayette 
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College  in  electrical  engineering  and  a  master ' s  degree 
in  electrical  engineering  as  well  from  New  Jersey 
Institute  of  Technology  with  a  focus  on  communication 
systems . 

Q  How  long  have  you  been  a  government 

employee? 

A  About  13  years. 

Q  And  what  have  you  done  in  your  time  for  the 

government  ? 

A  So  I  came  to  the  government  directly  out  of 

college .  I  have  worked  on  my  master ' s  program  while  I 
was  in  college,  I  mean,  sorry,  while  I  was  employed  by 
the  government . 

I  worked  for  the  Trojan  program,  the 
acronym  totally  escapes  me .      It ' s  a  communication 
system.     I  was  the  project  engineer,   project  leader, 
project  manager  and  I  spent  about  six  or  seven  years 
with  the  Trojan  program  working  on  the  communication 
systems  and  then  they  also  have  an  intelligence  system 
that  I  was  a  project  manager  on  as  well. 

Then  I  did,    I  was  selected  for  engineering 
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and  scientist:  exchange  rotation  in  Australia .     I  did  a 
year  and  a  half  at  the  Defense  Science  and  Technology 
Organization  in  Australia. 

Then  I  came  back  and  began  working  on  D6— A 
on  a  loan  from  a  S  and  T  community  and  then  went  as  a 
core  employee  or  working  directly  for  the  program 
manager  in  2011. 

Q  How  long  have  you  worked  at  D6— A? 

A  It ' s  a  little  over  five  years . 

Q  What  position  did  you  have  prior  to  your 

current  one? 

A  I  started  as  a  integrated  product  team  lead 

for  installs  intelligence  and  then  I  worked  my  way  up 
to  becoming  the  systems  engineer  lead  for  a  product 
that  we  have  called  Version  3  or  the  intelligence 
fusion  server  and  basic    (INAUDIBLE)  laptop. 

Then  I  was  selected  to  become  the  technical 
director  for  the  program  which  is  the  role  I  currently 
have  which  oversees  a  portfolio  of  systems,  capacity 
abilities  and  software  across  the  D6— A  portfolio. 

Q  How  large  is  that  portfolio? 
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A  So  we're  an  ACAT  1  MAIS,   an  automated 

information  system.     There  isn't  a  larger  category  of 
acquisition  programs  in  the  defense  so  we're  a  very 
large  program. 

We  have  a  portfolio  of  about  13  systems 
fielded  from  company  to    (INAUDIBLE) .     We  have  over  700 
server  suites,   over  5,000  laptops.     We  field  to  support 
the  full  58,000  military  intelligence  professionals 
supporting  the  Army. 

Q  What  is  D6-A? 

A  So  D6— A  is  essentially  a  portfolio  of 

capabilities  providing  intelligence,  processing, 
exploration  and  dissemination  for  the  Army. 

What  does  that  mean  in  lay  terms?  Every 
military  intelligence  analyst  in  the  Army  gets  D6— A. 
Whether  that's  a  laptop,   whether  that's  a  server,  back 
end  infrastructure  for  them  to  save  data,   store  data, 
whether  that ' s  a  sensor  flying  over  the  battle  space . 
There ' s  something  on  the  ground  ingesting  that  sensor 
feed  and  providing  that  information  to  an  analyst . 

All  of  that  infrastructure  across  the 
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entire  Army  is  provided  by  D6— A. 

It ' s  relatively  difficult  to  explain  in 
somewhat  really  lay  terms  but  everything  from  the  data 
link  itself,    from  the  piece  of  satellite  communications 
that  comes  with  it  to  the  Microsoft  Office  product  that 
sits  on  a  laptop  is  bought  for  by  the  D6-A  program  and 
it  is  the  acquisition  program  for  that  purchase  or 
procurement . 

Q  At  what  level  are  D6— A  systems  distributed? 

A  So  today  we're,   all  the  way  as  low  as  the 

company  intelligence  support  team,    so  equipment  to  the 
battalions  and  companies,   D6— A  headquarters,  division 
headquarters,   at  the  core  headquarters  and  then  all  the 
support  brigades  and  all  of  the  above  core  elements 
that  have  intelligence  professionals  are  equipped  with 
D6-A. 

Q  Who  do  you  advise  in  your  current  position? 

A  The  program  manager  for  D6— A,   Cole  Charles 

Wells . 

Q  What  does  the  program  manager  do? 

A  So  the  program  manager  is  the  chartered, 


Provided  by  Freedom  of  the  Press  Foundation 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 


UNOFFICIAL  DRAFT  -  6/12/13  Afternoon  Session 


71 

I'm  struggling  for  the  adjective,  he  is  the  person  in 
charge  of  all  of  the  activities  within  the  portfolio. 
So  the  ACAT  1  program  we  mentioned  called  D6— A. 

Also  an  ECAT  2  program  and  ECAT  3  program 
called  charts,   counterintelligence,   human  intelligence 
capability  for  the  Army.     He  manages  that  portfolio,  as 
the  acquisition  manager,    and  he  certainly  follows  5002, 
the  5002  law  in  procuring  capability  against  the 
validated  requirement  by  the  JROC,   by  the  joint 
community . 

Q  What  matters  do  you  advise  the  program 

manager  on? 

A  Technical  and  acquisition.      So  as  the 

technical  director  I  advise  the  program  manager  on 
trade  analysis,    determining  how  we  meet  requirements 
and  what  software  or  what  hardware  or  what  capabilities 
are  purchased  and  how  the  teams  are  advised  —  how  the 
teams  are  proposing  those  procurement  activities .  Then 
I  also  advise  him  on  the  acquisition  process .     How  we 
move  through  the  gates  that  are  put  up  by  OSD  and  by 
Congress  that  we  have  to  statutorily  or  regulatorily 
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meet  in  order  to  achieve  the  capability  for  the  war 
fighter . 

Q  What  do  you  consider  when  giving  advice  to 

the  program  manager? 

A  So  a  lot  of  it  comes  down  to  my  experience . 

A  lot  of  it  comes  down  to  essentially  developing 
courses  of  action  that  allow  him  to  make  an  informed 
decision  about  not  just  the  technology,   not  just  the 
acquisition  process  but  what  is  best  and  makes  the  most 
common  sense  to  achieve  the  goals  of  the  program  and 
the  Army. 

Q  How  long  have  you  been  in  your  current 

position? 

A  Two  years . 

Q  Let ' s  talk  about  the  development  process . 

How  would  you  characterize  it? 

A  So  the  develop  process  is,    I  wouldn't  call 

it  set  in  stone  but  it  is  a  tried  and  true  process  from 
an  acquisition  perspective .      It ' s  termed  the  systems 
engineering  process,   that's  essentially  it  lays  out  the 
outline  of  how  the  Army  procures  systems  at  a  large 
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level  as  I  mentioned  as  ACAT  1  program.      So  that 
process  is  well  defined  and  it ' s  taught  across  the 
Army. 

Did  I  answer  your  question? 
Q  You  did. 

Let ' s  talk  a  little  bit  about  creative 
software  setup .     About  how  many  steps  are  involved? 

A  So  in  identifying  a  solution  to  a  piece  of 

software  to  meet  a  requirement,   there's  multiple  steps 
involved.     The  first  would  be  defining  the  requirement. 

So  the  Army  system  would  have  a  requirement 
that ' s  defined  in  what  we  call  our  capabilities 
production  document,    CPD  or  capability  description 
document  called  the  CDD.     We  in  D6— A  since  we're  a 
large  program,   we  actually  have  both.     The  CDD 
essentially  says  we  want  you  to  build  a  D6-A  and  the 
CPD  gets  to  further  detail . 

So  the  first  step  of  the  process  is 
ensuring  that  we  have  a  solid  requirement  set  that  says 
will  go  build  something  that  makes  sense  for  the  Army 
and  is  measurable  via  a  test . 
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The  next  step  would  be  to  build  organizing 
principles  around  that  requirement  so  in  our  CPD  we 
have  20  attributes.     So  each  attribute  has  hundreds  of 
requirements  associated  with  it .     So  we  organize  it  to 
integrated  product  teams  as  I  mentioned  earlier.  So 
integrated  product  teams  are  empowered  to  identify 
solutions  and  build  out  their  own  process  on  how  they 
would  address  that  requirement  with  a  capability. 

Q  Who  are  on  the  integrated  product  teams? 

A  So  you  would  have  subject  matter  experts, 

user  representation  from  trade,    from  the  training  and 
doctrine  command  and  systems  engineers  like  myself. 

Q  How  do  they  evaluate  product? 

A  So  essentially  you  would  evaluate  the 

requirement  and  refine  the  requirement  into  measurable 
sets . 

So  the  example  I  used  previously  is,  the 
requirement  may  say  to  go  build  a  word  processor  and 
that  word  processor,    another  requirement  in  a  word 
processor  may  be  to,   we  want  to  it  support  English  and 
Arabic  and  Chinese .     And  so  the  requirement  would  then 
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be  essentially  decomposed  into  smaller  chunks, 
measurable  chunks .     You  can ' t  measure  a  requirement 
that  says  build  a  word  processor. 

You  can ' t  delineate  between  different  word 
processing  pieces  of  software  that  would  deliver  that 
capability . 

So  the  IPT  would  agree  upon  a  set  of 
measurable  requirements  and  do  trade  analysis . 

Q  What  is  trade  analysis? 

A  So  trade  analysis  would  be  similar  to 

releasing  a  request  for  proposals . 

Essentially  the  government  is  looking  for 
this  set  of  requirements  to  —  a  solution  that  would 
meet  this  set  of  requirements  and  they  would  do  the 
technical  evaluation  and  the  cost  evaluation  against 
those  requirements  and  then  propose  a  solution  back  to 
the  larger  program  and  the  systems  engineering  process 
that  says,   an  example,    I'm  in  the  signals  intelligence 
IPT .      I  would  propose  this  solution  to  meet  a  certain 
requirement  and  the  wider  systems  engineering  community 
would  accept  that  through  a  series  of  gates . 
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Q  What  happens  after  the  solution  is 

proposed? 

A  So  the  solution  would  be  proposed  at  a 

preliminary  design  review  to  the  program  manager  and 
the  product  manager.     They  would  either  get  a  go  or  no 
go  decision  at  that  point  on  their  approach  and  how 
they  would  address  a  solution. 

And  they  would  then  identify  a  solution  and 
propose  that  back  at  a  critical  design  review. 

And  at  the  critical  design  review  the 
program  manager  would  make  a  decision  about  the 
baseline  itself  and  whether  or  not  under  cost  schedule 
and  performance  parameters  we  can  execute  the  solution . 

Q  What  points  of  this  process  are  you 

involved  with? 

A  So  I'm  involved  in  all  parts  of  the  process 

as  an  oversight  function  today.     Through  my  career  in 
D6  I've  been,   as  I  mentioned,    an  IPT  lead,   an  IPT 
engineer  and  a  lead  systems  engineer  on  a  product .  So 
I've  seen  how  the  process  works  from  all  points  of  view 
in  terms  of  the  process. 
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But  today  that ' s  where  I  sit .     Most  of  my 
functions  is  engaging  with  the  office  of  the  Secretary 
of  Defense  who  also  acts  as  an  oversight  role  as  an 
ACAT  1  program  so  I  act  as  their  conduit  into  the 
program  so  they  can  better  understand  the  objectives 
and  where  we ' re  trying  to  go . 

Q  What  happens  after  the  program  manager 

makes  a  decision? 

A  Essentially  contracts  are  let  and  the 

solution  is  built .     After  it ' s  integrated  and  built  we 
go  to  what  I  call  code  and  unit  test  and  then 
development  test.     Where  we  would  have  Army  test,  an 
evaluate  command  come  in  and  evaluates  the  solution 
that  was  built  and  then  upon  successful  completion  of 
development  tests  we  would  go  into  an  operational  test . 

Q  What  is  an  operational  test? 

A  An  operational  test  is  essentially  an 

operational  unit  using  the  system,    stressing  the  system 
and  validating  it  that  the  system  is  effective, 
suitable  and  survivable.     Does  the  system  work. 

Q  Let ' s  talk  about  baselines .     What  is  a 
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baseline? 

A  So  for  us  a  baseline  is  essentially  the 

hardware  and  software  that  we  field  and  train  to  an 
Army  unit  for  them  to  use  whatever  piece  of  portfolio 
that  may  be .     So  as  we  come  out  of  that  test ,  we 
provide  that  software  or  that  hardware  or  both  in  those 
cases  to  the  unit  through  a  fielding  process  where  we 
train  them,   they  sign  for  the  equipment  and  that 
baseline  is  then  used  as  essentially  their  weapon 
system. 

Q  What  is  of  the  purpose  of  the  baseline? 

A  So  the  purpose  of  the  baseline  is  the 

process  from  requirements  the  operational  test  has,  the 
Army  has  validated  a  risk  profile,   the  function 
survivability  essentially  and  the  suitability. 

So  does  the  system  work,   will  it  work  for  a 
long  period  of  time  and  is  it  sustainable  by  Army 
metrics . 

So  the  Army  process  has  val  —  I  shouldn't 
say  the  Army  process  —  the  process  has  validated  those 
things  and  so  the  baseline  defines  and  defines  a  risk 
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profile  for  the  Army  with  regard  to  will  that  baseline 
meet  the  war  fighter's  requirements  and  work  for  that 
war  fighter . 

Q  You  just  mentioned  risk  profile.     What  are 

some  of  the  risks  the  process  tries  to  prevent  or 
mitigate? 

A  So  throughout  the  entire  process,    risk  is, 

a  lot  of  the  program  manager's  job  is  managing  risk. 
Essentially  there ' s  technical  schedule  and  cost  risk 
associated  with  building  any  solution  for  the  Army. 

So  managing  that  risk  in  all  three  of  those 
facets  is  critical  to  how  a  program  manager  executes 
their  job.     So  it's  not  just  about  technical 
performance  it ' s  about  the  cost  and  schedule  associated 
in  delivering  that  solution. 

Q  What  role  does  bandwidth  play  in 

determining  the  system  setup? 

A  So  in  terms  of  the  system  setup,    is  that 

what  you  asked? 

Q  Yes. 

A  So  I  think  in  terms  of  the  system  setup,  I 
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would  think  that  the  system  is  designed  to  be  set  up  or 
to  initially  be  set  up  without  bandwidth.     To  be  a 
fully  severable  system  —  I  shouldn ' t  say  that . 

Most  of  the  portfolio,    I  guess  all  of  the 
portfolio  can  be  set  up  without  any  communications 
backbone.     However,   the  communications  backbone  enables 
the  analyst  access  to  information  that  they  essentially 
require  for  their  job. 

So  the  system  is  enabled  by  the 
bandwidth  that's  provided  but  in  order  to  set  it  up, 
it's  not  required. 

Q  In  the  deployed  environment,   how  many 

communities  might  be  on  the  same  bandwidth? 

A  I  don't  know  the  answer  to  that  question. 

Q  What  is  the  portfolio  security? 

A  So  for  us  portfolio  security  is  back  to  the 

systems  that  I  mentioned.     D6— A  delivers  a  common 
ground  station,    an  intelligence  fusion  server,  multiple 
pieces  of  the  portfolio.     So  we  manage  security  as  a 
portfolio.     Can  we  connect  to  the  network,    is  this 
survivable  in  terms  of  vulnerabilities,   are  we 
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resilient  to  vulnerabilities . 

So  as  the  program  manager,   you're  managing 
that  profile,   again  that  risk  profile  in  terms  of 
security  in  the  solutions  that  you're  building. 
Q  Why  is  it  important? 

A  So  for  us,    for  a  program  manager  delivering 

a  software  solution  what ' s  really  important  is  that 
those  soldiers  have  the  capacity  abilities  that  they 
need.     In  order  to  do  that  they  have  to  be  able  to 
connect  to  the  networks  that  they  need.     So  for  us  it's 
critical  that  we  meet  the  requirements  of  the  networks 
that  we  connect  to. 

D6— A  connects  to  six  different  nest  works 
by  requirement .     Along  with  the  networks  comes  six 
different  requirement  sets  for  those  networks .      It ' s 
critical  for  us  to  maintain  a  positive  security  profile 
and  I  say  positive  in  terms  of  meeting  those 
requirements  so  that  they  can  connect  to  the  network 
and  get  to  the  information  that  they  need  and  the 
systems  can  remain  on  the  network . 

Q  What  does  Cyber  hard  mean? 
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A  Cyber  hard  is  a  relatively  new  term  for 

something  that  we  have  had  to  do  since  the  installation 
of  D6— A,   which  is  essentially  back  to  the  security 
point  that  we  had  mentioned  before .     We  have  to  harden 
the  systems  in  order  to  meet  the  requirements  of  the 
network . 

So  that  means  the  OS  has  to  be  hardened, 
has  to  go  through  the  security  checklists  and  it  has  to 
be  replicated  across  5,000  laptops,   across  700  servers, 
so  it's  not  something  that,   you  know,   we  can  expect 
every  client  users  to  go  through.     It  needs  to  be  out 
of  the  box  that  way  every  time  so  each  user  is  not 
concerned  about  the  security  profile  of  their  system. 
That  comes  inherent  to  the  system  that  we ' re  providing . 

Q  Let's  talk  about  Wget .     What  is  Wget? 

A  So  Wget  is  —  I  have  a  cursory  knowledge  of 

Wget.  Wget  scrapes  web  sites,  essentially  uses  FTP  and 
pulls  down  that  information  and  allows  you  to  export  it 
to  multiple  formats . 

Q  What  do  you  mean  when  you  say  it  scrapes 

web  sites? 
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A  It  essentially  pulls  the  information  off  of 

the  web  server . 

Q  How  does  Wget  get  through  the  authorization 

process? 

A  To  my  knowledge,   Wget  has  never  been 

authorized  on  a  D6— A  system. 

MR.   Von  ELTEN:     One  moment,   Your  Honor. 
Nothing  further . 

THE  COURT:  Cross-examination? 
CROSS-EXAMINATION  BY  MR.    TOOMAN : 
Q  Good  afternoon,   Mr.  Kitz. 

A  Sir,   how  are  you? 

Q  Well,   thank  you. 

Mr.   Kitz,   you  spoke  on  direct  about  the 
process  through  which  a  program  will  get  vetted  to 
become  part  of  the  baseline? 
A  Yes . 

Q  You  mentioned,   you  used  the  term  a  couple 

times  ACAT  1 .     What  does  that  mean? 

A  So  it ' s  a  acquisition  category.  So 

essentially,    I  don't  actually  know  who,   if  it's 
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Congress  or  Department  of  Defense  who  sets  these 
categories  but  based  upon  the  funding  threshold  for  the 
four  year  program,    specifically  RDT  and  E,    research  and 
development  funding  determines  how  big  your  program  is . 

Number  one  is  the  biggest .     There  are  also 
2  and  3,    3  being  relatively  small.     Off  the  top  of  my 
head  I  don't  remember  the  threshold.     It's  different  if 
you're  an  NDAP,   Naval  Development  Acquisition  Program. 
It's  different.     We're  actually  called  a  MAIS,  Major 
Automated  Informations  System.     You're  an  IT  system, 
you ' re  buying  software  and  hardware  for  the  DoD . 

Q  So  if  you  needed  an  ACAT  1  system,  means 

that  it's  one  of  the  biggest  programs  in  the  Army, 
correct? 

A  It  is . 

Q  And  with  that  comes  a  lot  of  oversight? 

A  Roger,  sir. 

Q  Because  there ' s  a  lot  of  money? 

A  Yes,  sir. 

Q  Now,   you  talked  about  the  process  through 

which  a  software  program  will  become  part  of  the 
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baseline  and  it  starts  with  the  requirements  document, 
correct? 

A  Roger,  sir. 

Q  So  when  you  get  a  requirements  document, 

let's  use  an  example,   you  might  get  a  requirements 
document  that  says  we  need  a  word  processor? 

A  Yes,  sir. 

Q  So  now  we ' re  going  to  try  and  find  a  word 

processor  that  fits  our  needs,  right? 
A  Correct . 

Q  So  the  first  thing  that  happens  then  is  you 

come  up  with  A  spec  and  B  specs? 
A  Yes,  sir. 

Q  What's  an  A  specs? 

A  It ' s  that  functional  decompensation  of  the 

requirement.     So  as  you  mentioned,   word  processor,  so 
the  CPD  would  say,   the  Army,   the  D6— A  needs  to  have  a 
word  processor.     You  can't  build  a  system  based  upon 
that .     So  you  need  things . 

So  to  give  to  a  developer  tasks  to  give  to 
a  developer  to  actually  build  a  word  processor,  what 
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are  the  tasks  or  those  measurable  things .     Like  I 
mentioned,   languages,   back  space,    support  for,  you 
know,   external  development .     Those  types  of  things 
would  be  in  an  A  spec  and  B  spec.     So  when  a  tester 
went  through  it  and  said,   does  this  meet  the 
requirement ,   that ' s  something  measurable  that  that 
tester  can  say  yes,   it  supports  Chinese  language,  all 
characters,    so  on  and  so  forth. 

Q  Okay .     So  we ' re  going  to  have  sort  of  a  big 

picture  requirement  of  we  need  a  word  processor  and 
then  we ' re  going  to  burrow  down  even  further  and  say  it 
needs  to  do  English,  Arabic? 

A  Yes,  sir. 

Q  And  needs  to  be  able  to  save  and  I  need  to 


bold? 


A 


Exactly . 


Q 


Any  number  of  requirements? 


A 


Exactly  right . 


Q 


Okay .     So  then  it ' s  going  to  go  into  the 


sort  of  development  phase .     It ' 


s  going  to  go  to 


integrated  product  teams? 
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A  Yes,  sir. 

Q  And  those  teams,   what  are  they  going  to  do 

with  it? 

A  So  essentially  IPT  create  the  A  specs  and  B 

specs  and  they  understand  the  task  and  charter  of  what 
they  have  to  build  and  then  they  will  begin  the  process 
to  identify  material  solutions  that  will  meet  those 
requirements . 

So  a  word  processor  in  this  example,   all  of 
those  requirements  would  get  to  one  team  and  that  team 
would  then  begin  the  process  of  identifying  a  solution 
whether,   that  may  be  a  solution  the  Army  already  has. 
It  may  be  something  that  we  need  to  contract  out  for  a 
new  development  or  it  may  be  needs  something  that ' s 
commercially  readily  available  and  we  can  go  to 
industry  to  get  it . 

Q  So  the  IPT  may  say  we  have  got  Microsoft 

Word,   we  have  got  open  source  or  open  office  and 
they ' re  going  to  look  at  all  of  those  things  and  see 
which  one  fits? 

A  That ' s  right .     They  would  measure  against 
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the  cost  schedule  and  performance  of  that .     So  the  best 
performing  word  processor  may  not  be  available  to  us 
because  of  a  cost  prohibit  —  or  because  it  wouldn't  be 
able  to  meet  the  schedule  for  all  the  features  we  need. 

Q  And  then  the  IPT  are  going  to  propose 

solutions.     They're  ultimately  going  to  say,  for 
example,   let's  go,   well,   Microsoft  Word? 

A  Correct .     As  an  ACAT  1  program  we  have  two 

gates  we  have  to  meet .     PER,   preliminary  design  review 
and  critical  design  review.     At  the  gates  we  would 
validate  the  design  or  proposed  solution. 

Q  So  there  are  multiple  IPTs,    correct?  So 

we ' re  going  to  have  IPT  that  are  looking  at  the 
software  requirement  from  a  number  of  different  angles, 
correct? 

A  Yes,    sir,  yes. 

Q  So  then  after  each  of  those  IPTs  comes  up 

with  the  recommendations,  then  we're  going  to  another 
phase  where  someone  sits  down  and  looks  at  it  all  and 
tries  to  eliminate  redundancy? 

A  No,    I  wouldn't  call  it  a  separate  phase. 
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There  is  a  systems  engineering  IPT  that  conducts  and 
orchestrates  this.     Again,    it's  quite  a  large  program. 

So  you ' re  right .     There ' s  anywhere  between 
12  and  16  IPTs  at  D6— A  at  any  one  time,    depending  upon 
the  focus  of  how  we ' re  building  the  software .     I  would 
not  call  them  discrete  entities  in  the  process. 
They ' re  one  sort  of  systems  engineering  IPT 
orchestrating  the  sub  IPTs . 
Q  Okay . 

A  It ' s  a  constant  sort  of  rolling  feedback  in 

terms  of  redundancy  in  terms  of  identifying  solutions 
that  would  meet  more  than  one  IPT ' s  requirement . 

Q  So  after  the  IPT  it ' s  then  going  to  go  to 

initial  design  review? 

A  Yes,  sir. 

Q  And  at  initial  design  review  there  are 

going  to  be  trade  studies? 
A  Yes,  sir. 

Q  So  you ' re  going  to  have  industry  members  or 

other  groups  studying  the  market  and  they ' re  going  to 
give  their  input? 
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A  No .      It  would  still  be  the  government 

that ' s  studying  the  market .     But  that  would  be  the 
point  with  which  we  would  engage  with  industry  to  see 
what ' s  available . 

Q  So  there  you  would  reach  out  and  see  what ' s 

already  available  or  see  what  it  cost  to  create 
something  new? 

A  Right ,    right . 

Q  And  out  of  that,   you're  going  to  get  a 

proposed  design,  correct? 
A  Yes,  sir. 

Q  And  then  you're  going  to  have,   that's  sort 

of  the  first  stage.     You're  going  to  have  go,   no  go, 
this  is  what  we ' re  going  to  do  or  — 

A  Typically  in  my  experience  at  initial 

design  review  ends  with  a  lot  of  things  to  do.     So,  you 
know,   you  didn ' t  quite  meet  the  market  and  design . 
Here's  all  the  things  you've  got  to  do  before  your 
final  design  phase . 

Q  Once  you  hit  that  gate,   once  you  get  to  go, 

at  that  phase,   then  you're  going  to  go  to  operational 
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testing,  correct? 

A  We  go  through  a  development  phase, 

essentially  got  to  build  after  you  finish  designing. 
You ' ve  got  to  finish  building  it  and  then  you  go  to 
test  phase . 

Q  And  then  again  you ' re  going  to  have  to  get 

a  go  or  no  go  at  the  testing  phase? 
A  Correct . 

Q  And  then  once  all  of  that  stuff  is  done, 

we're  going  to  have  a  baseline,  a  software  program  that 
is  becoming  part  of  the  baseline  or  gets  approved? 

A  Defines  the  baseline,  yes. 

Q  And  that's  all,   that's  a  lengthy  process? 

A  Yes,  sir. 

Q  And  it ' s  a  lengthy  process  because  this  is 

a  big  program  with  a  lot  of  oversight? 
A  Sure . 

Q  Now,   updates  to  D6-A,   the  software 

baseline,   those  typically  happen  on  a  18  to  24— month 
cycle? 

A  Yes,    sir.     To  the  baseline  itself,  yes. 
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Q  So  it ' s  possible  for  a  user,   a  unit  that 

may  be  deployed,   to  be  operating  on  a  system  that  is 
old? 

A  Absolutely. 

Q  So  it ' s  possible  for,   if  a  unit  deploys 

December  10th  and  the  new  system  comes  out  on 
January  10th,   they're  really  working  with  a  system 
that's  18  do  24  months  old? 

A  I  think  you  would  not  find  the  case .  Once 

a  new  software  baseline  has  been  defined,   the  theater 
usually  is  priority  and  most  units  in  theater  elect  to 
upgrade  the  software  once  it ' s  available . 

So  you're  right  in  that  18  to  24  months 
there's  an  older  software  baseline,   once  there's  a  new 
one  available,   you'll  find,  my  experience  is  units  want 
that  new  software  and  they  would  request  it  and  get  it . 

Q  So  it  happens  in  the  field? 

A  Yes,  sir. 

Q  Now,   there  are  other  ways  that  software  can 

be  added  in  the  field,  correct? 
A  Yes,  sir. 
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Q  One  such  way  would  be  to  put  in,   to  go 

through  this  whole  process.     That  would  be  one  way, 
right  ? 

A  Yes,  sir. 

Q  And  another  way  would  be  to  ask  for, 

basically  ask  for  an  update,   correct,   or  ask  for 
approval  to  put  something  on? 

A  Yes,    sir.     You  can  —  so  once  a  baseline 

has  been  defined,   we  stand  up  a  process  called 
Engineering  Change  Review  Board,   ECRB.  ECRB 
essentially  manages  that  baseline.     And  the  program 
manager  does  that  for  the  first  year  that  the  baseline 
is  defined  and  then  we  transition  that  to  the 
communications  electronics  command,   also  located  at 
Aberdeen  Proving  Ground.     That  manages  the  sustainment 
of  that  system.     So  they're  funded  to  ensure  that  the 
baseline  remains  current,   relevant  and  they  manage  that 
process  for  the  engineering  review. 

Q  Now,    it ' s  possible  that  a  unit  may  want  to 

add  something  to  their  system  and  not  want  to  go 
through  any  of  those  processes,  correct? 
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A  Absolutely. 

Q  And  that  unit  may  decided  we ' re  just  going 

to  do  it  and  not  check  with  anyone? 

A  I  imagine  that  that ' s  possible .  However 

the  unit  is  not  authorized  to  change  the  baseline . 
That ' s  not  something  that  —  there ' s  no  sort  of  process 
for  that,    if  you  will. 

Q  Sure.     The  unit  may  say,    I  don't  really 

want  to  go  through  this  long  testing  process.      I  don't 
really,   you  know,   we're  deployed,   we  don't  want  to  deal 
with  these  hoops .     We  just  want  to  get  the  mission 
done .     We ' re  going  to  put  it  on  there . 

A  Yes,   they  may  do  that.      I,    I'm  not  certain 

how,   what  the  process  would  be,   but  yes,   they  may  do 
that . 

Q  You  spoke  about  Wget  and  you  talked  about 

Wget  being  a  secure  FTP  program? 

A  I'm  not  certain  that  it  uses  FTP.      It's  a 

different  protocol  from  FTP.      I  only  have  a  personal 
knowledge  of  Wget  from  these  proceedings.     But  yes,  I 
did  speak  of  it . 
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Q  There  are  a  lot  of  programming  out  there 

that  are  safe  that  have  never  been  approved  part  of  the 
baseline? 

A  That ' s  true . 

Q  And  that's  because  they've  not  been  tested? 

A  Or  they  may  not  have  a  requirement  to  be  on 

the  baseline . 

Q  Okay.     Now,   there  is  a  secure  FTP  program, 

it's  part  of  the  baseline,   isn't  it? 

A  Yes,  sir. 

Q  And  that  is  a  program  called  Save  Move? 

A  Yes,  sir. 

Q  That  program  essentially  has  the  same 

abilities  as  Wget  in  that  it  can  be  used  to  go  out  and 
download  entire  web  pages  if  you  wanted? 

THE  COURT :     What ' s  the  name  of  the  program? 
MR .   TOOMAN :     Save  Move . 
A  Save  Move  was  designed  to  essentially  pull 

files.     So  can  it  take  web  pages?     Yes,   it  would  have 
to  access  the  web  server  and  get  to  the  files  behind 
it .     It ' s  a  little  bit  of  a  different  design  but 
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absolutely.     It  is  a  FTP  to  move  files  and  it  is  loaded 
on  the  D6-A  system. 

Q  Now,   you  spoke  about  connectivity  and  you 

mentioned  that  the  D6-A  system  is  a  system  that  does 
not  have  to  be  connected  but  in  reality  if  it ' s  not 
connected  it's  kind  of  worthless,  right? 

A  I  wouldn't  use  that  term  because  you  still 

have  all  the  commercial  tools  available  to  you  that  you 
would  need  to  do  your  job .     But  if  you ' re  not 
connected,   you  know,   obviously  your  data  pool  is  very 
small  comparatively. 

Q  You  need  the  connectivity  to  access 

information  from  various  databases? 

A  Yes,  sir. 

Q  And  that ' s  the  information  that  you ' re 

going  to  use  to  create  your  work  product? 
A  Yes,  sir. 

Q  Now,   Mr.   Kitz,   do  you  know  whether  or  not 

soldiers  today  are  allowed  to  work  on  their  D6— A 
machine  and  by  work  on  it,    I  mean  modify  it  or  tinker 
with  it? 
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A  They  are  not  authorized.     We  have  a  recent 

program  to  allow  soldiers  that  are  authorized,  but 
there ' s  a  very  small  number  of  soldiers  today 
authorized  admin.,   what  I  would  term  admin,   rights  to 
the  system. 

Q  So  in  the  past,   how  it  would  work  would  be 

you  would  have  a  deployed  unit  and  they  would  have  a 
D6— A  contractor  that  would  be  sort  of  embedded  with  the 
unit? 

A  Yes,  sir. 

Q  And  that  individual  would  be  the  one  who 

would  work  on  the  machines? 

A  Yes,    sir,    field  service  engineer. 

Q  And  now  today  we  have,   in  some  cases, 

soldiers  are  able  to  do  the  same  functions? 

A  Only  in  one  instance,   yes,  sir. 

Q  Now,   when  a  unit  deploys  and  they  come  back 

to  the  states,   D6-A,   the  machines  get  scrubs,  don't 
they? 

A  No,    I  don't  —  I'm  not  —  ask  your  question 

again .      I  don ' t  believe  I  quite  understood  it . 
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Q  Sorry .      I ' 11  rephrase .     When  a  soldier 

redeploys  and  come  back  to  the  states,   what  happens  to 
the  D6— A  machines? 

A  Totally  up  to  the  unit .     The  program  does 

nothing  with  the  system.     There's  a  program  called 
reset,   blows  the  dust  out  of  it  and  make  sure 
everything  works  and  turns  on .     But  from  the  programmer 
perspective,   we  don't  touch  the  software  in  the  system. 
The  system  remains  the  way  it  was  when  the  unit  comes 
back  with  it . 

Q  And  when  a  unit  has  their  D6— A  machines 

updated,   that  would  be  something  that  is  done  by  a 
D6-A  — 

A  Yes,  sir. 

Q  And  that  person  would  look  at  what ' s  on  the 

D6-A  machine  that  they're  updating,  correct? 

A  No,    I  would  not  make  that  assumption 

because  when  the  program  goes  out  to  update  a  baseline, 
they're  providing  a  new  baseline  to  that  system.  So 
essentially  they  are  actually  reloading  the  entire 
system  and  moving  the  data  over. 
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So  I ' m  not  certain  that  they  would,  I  would 
use  the  term  scrub  the  old  system  because  I  don ' t  think 
that  they  necessarily  are  concerned  about  the  specifics 
are  what  on  that  system.  They're  concerned  about  the 
data  that  was  there  and  updating  that  system.  And  in  a 
lot  of  cases,  they  would  get  a  new  physical  system, 
depending  upon  how  old  the  hardware  was . 

Q  If  they  got  a  new  system,   what  would  happen 

to  the  old  system? 

A  Actually  the  PM  would  take  ownership  of 

that  system  and  they  would  have  disposition 
instructions  associated  with  it . 

Q  Sir,    are  you  aware  of  whether  or  not  it's 

common  for  D6— A  systems  to  have  unauthorized  software 
or  unauthorized  files  on  them? 

A  I'm  not  in  a  position  where  I  have  direct 

knowledge  of  that  but  it  is  my  understanding  that  it  is 
relatively  common,   yes,  sir. 

MR.   TOOMAN:     Nothing  further.     Thank  you, 

Mr.  Kitz. 

REDIRECT  EXAMINATION  BY  MR.   Von  ELTEN : 
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Q  Who  uses  Save  Move? 

A  The  only  people  is  the  field  service 

engineer.     They  are  the  only  people  that  have  access  to 
that  application. 

Q  What  side  does  Save  Move  operate  on? 

A  Entirely  server  side  operation.      So  there's 

no  Save  Move  loaded  on  a  client . 

Q  What  side  is  a  user  on? 

A  Just  the  client  side . 

Q  When  is  a  user  on  the  network  side  or 

system  side? 

A  The  user  does  not  have  access  to  the  system 

as  a  client  user.     Only  an  admin,   right  would  have 
access  to  the  operations  on  the  server. 

Q  What  side  does  Wget  operate  on? 

A  You  can  run  it  on  the  server  or  the  client . 

Q  What  side  does  Wget  operate  on  if  it ' s  used 

from  an  analyst  laptop? 

A  It  would  be  the  client . 

MR.   Von  ELTEN:     Thank  you. 

THE  COURT:      I   just  have  a  couple  of 
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questions  for  you . 

EXAMINATION  BY  THE  COURT: 
Q  Is  mIRC  chat  on  the  list  of  authorized 

programs? 

A  It  is  not  on  the  list  of  authorized 

programs,  ma'am.     There  was  a  technical  bulletin 
released  to  our  field  service  engineers  that  outlined 
how  to  load  it  if  a  commander  chose  to  load  it .     But  it 
is  not  on  the  official  baseline  and  that  letter  that 
went  out  the  engineers  essentially  showed  it  because  we 
understood  that  a  lot  of  commanders  wanted  mIRC  chat . 

So  essentially  that  letter  outlined  that  it 
is  not  part  of  the  baseline  and  any  cost  associated 
with  Microsoft  Office  as  it  is  a  licensed  product  as 
well,   was  the  commander's  risk  and  the  commander  of 
that  unit  had  to  procure  it . 

Q  So  let ' s  go  back  to  the  commander ' s 

authority  again.      If  a  commander  is  out  in  the  field 
and  wants  to  install  mIRC  chat  for  example,   do  they 
have  to  —  you  said  you  sent  a  letter  because  you  have 
systems  engineers  that  accompany  the  units  that  help 
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them  with  their  D6— A  computers? 
A  Yes. 

Q  So  does  the  commander  have  to  use  that  D6-A 

engineer  to  load  the  program? 

A  Yes,   ma'am.     The  engineer  is  the  only 

person  that  has  the  admin,   rights  to  the  system. 

What  I  said,    I  should  qualify  that .  We 
have  a  process,   it's  called  a  technical  bulletin.  So 
as,   let's  say  a  security  update  comes  out  for  Oracle 
and  Oracle  is  on  the  system.     We  release  a  technical 
bulletin.     Here,    field  service  engineer,   this  is  how 
you  would  apply  this  security  patch  to  Oracle. 

So  we  release  the  technical  bulletin  saying 
that  we  understand  that  commanders  have  been  requesting 
this,   it  is  not  authorized,   we,   program  manager,  are 
not  authorized  to  allow  you  to  have  it . 

However,   we  understand  that  the  commander 
wants  to  take  the  risk.     If  the  commander  sends  us  a 
letter  then  we  will  allow  it  to  be  loaded. 

Q  So  on  a  D6— A  computer,    if  a  individual  user 

wanted  to  load  mIRC  chat  or  Wget  or  any  other  type  of 
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program  and  they  tried  to  do  it,   would  the  computer 
itself  stop  the  user  from  doing  that,   with  the  little 
box  that  says  you  don't  have  admin,  rights? 
A  Yes,  ma'am. 

Q  Would  the  same  be  true  if  the  program  was 

on  a  shared  drive? 

A  Yes,   ma'am.     Once  it  accessed  essentially 

the  registry,    it  should  kick  and  say,   you  require  a 
password  to  load  any  software  on  the  system. 

Q  So  the  software  program  is  on  a  shared 

drive  and  the  user  reaches  out  on  the  shared  drive  and 
takes  it  back  on  the  local  drive  that  message  should 
come  up? 

A  Yes,   ma'am.     Once  they  tried  to  install  it. 

Q  Could  they  put  a  shortcut  from  the  shared 

drive  on  their  system? 

A  I  don't  believe  so,   no.     The  software  has 

to  run  from  somewhere . 

Q  How  about  music  games  and  that  kind  of 

thing,    can  those  be  updated  from  a  user  to  a  D6-A 
computer? 
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A  (INAUDIBLE) . 

Q  What ' s  the  difference  between  that  and  Wget 

(INAUDIBLE) ? 

A  Say  there ' s  a  music  player  already  on  the 

system.     It  really  just  uses  the  file  system. 

An  example  with  Wget  can  be  you  can 
download  Wget  or  put  Wget  on  the  system,   the  file 
itself.     Once  you  try  to  run  it,   you  would  be  required 
admin,  rights. 

THE  COURT:     Any  follow-up  questions  based 

on  mine? 

MR .   Von  ELTEN :     No ,   ma ' am . 

MR .   TOOMAN :     Just  a  couple ,   ma ' am . 

RECROSS  EXAMINATION  BY  MR.  TOOMAN: 
Q  You  mentioned  a  memoranda  that  you  sent  out 

to  commanders  because  you  understood  that  they  wanted 
to  use  mischaracterize  chat.     Does  that  recommendation 
or  guidance  identify  a  particular  version? 

A  Let  me  qualify  your  question.      It  wasn't 

sent  to  commanders .     It  was  sent  to  field  service 
engineers  giving  them  guidance  if  the  commander  asks 
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you  to  install  this .  This  is  what ' s  required  of  the 
commander  and  this  is  how  you  would  do  it .  I  do  not 
know  offhand,   no . 

THE  COURT:     Before  you  continue,    let  me  ask 
one  more  question. 

When  was  that  technical  bulletin  issued? 

THE  WITNESS:      I  believe  it  is  in  2008, 

ma ' am. 

THE  COURT:     Thank  you. 
BY  MR.  TOOMAN: 

Q  And  a  commander  had  to  approve  the  addition 

of  the  mIRC  chat? 

A  Yes,   the  commander  specifically  had  to 

accept  the  risk . 

Q  Mr.   Kitz,   would  it  be  possible  to  add  mIRC 

chat  onto  the  desktop  as  an  executable  file? 

A  Without  admin,  rights? 

Q  Yes. 

A  I  don ' t  believe  so . 

Q  What  about  Wget? 

A  I  don ' t  believe  so . 
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MR.    TOOMAN:      Thank  you,   Mr.  Kitz. 
REDIRECT  EXAMINATION  BY  MR.   Von  ELTEN: 

Q  Mr.   Kitz,   how  do  you  install  Wget? 

A  I've  actually  never  installed  it  on  my 

machine  so  I  would  not  be  able  to  necessarily  answer 
that  question. 

Q  How  do  you  install  mIRC  chat? 

A  MIRC  chat  you  have  to  download  and  it 

probably  has  an  MSI  file  that  allows,   that  has 
automated,   you  know,   installation  instructions  and  you 
click  through  next  like  you  would  most  applications . 

Q  How  sure  are  you  about  mIRC  chat? 

A  How  sure  am  I  with  regard  to  what? 

Q  Its  installation? 

A  How  sure  am  I  about  what  about  its 

installation? 

Q  The  process. 

THE  COURT:      I  thought  he  just  said  he 
didn ' t  know  how  to  install  it . 

Did  I  misunderstood  your  testimony? 
A  No,   he  asked  me  mIRC  chat.     And  mIRC  chat  I 


Provided  by  Freedom  of  the  Press  Foundation 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 


UNOFFICIAL  DRAFT  -  6/12/13  Afternoon  Session 


107 

have  installed  before.     So  I'm  relatively  confident 
that  mIRC  chat,   you  know,    requires  some  sort  of 
interaction  with  the  user  to  install  it . 

Q  When  you  said  MSCI  — 

A  MSI . 

Q  What  is  an  MSI? 

A  An  MSI  is  essentially  a  wrapper  around  an 

application  that  automates  installation  so  whenever  you 
download  a  file  on  the  internet  and  you  bring  up,  I 
want  to  double  click  and  install  it,    it  brings  up  a, 
you  know,   who  are  you  and  then  next  here ' s  the  service 
agreement  between  me  and  the  user .     Next  is  what  are 
the  configurations,   you  know.     I  need  an  IP  address  for 
the  chat  server  Microsoft  Office  will  connect  to,  then 
you  click  next,   yes.     And  the  MSI  file  is  essentially 
the  wrapper  that  allows  the  interface  with  the  user  to 
configure  and  install  the  application. 

MR.   Von  ELTEN:     Thank  you. 

THE  COURT:     Temporary  or  permanent  excusal? 

MR.   Von  ELTEN:  Temporarily. 

THE  COURT:     Mr.   Kitz,   you're  temporarily 
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excused.     Please  don't  discuss  your  testimony  or 
knowledge  about  the  case  with  anyone  other  than  the 
lawyers  or  accused  while  the  trial  is  going  on. 

THE  WITNESS:      Sure.     Thank  you,  ma'am. 

MR.   FEIN:     The  United  States  offers  to  read 
a  stipulation  of  expected  testimony  on  the  record. 

THE  COURT:  Proceed. 

MR.   FEIN:     This  is  Prosecution  Exhibit  107. 
Stipulation  of  the  expected  testimony  of  Ms .  Florinda 
White  dated  June  10,  2013. 

(Whereupon,   Prosecution  Exhibit  107, 
stipulated  testimony  of  Florinda  White,   was  read  into 
the  record.) 

THE  PROSECUTION:     The  United  States  calls 
Captain  Thomas  Cherepko . 

MR.   COOMBS:     Could  we  a  10-minute  break? 
(Brief  recess  taken.) 

THE  COURT:     Court  is  called  to  order.  Let 
the  record  reflect  all  attorneys  present  when  the  court 
last  recessed  are  again  present  in  court . 

Before  we  proceed  I  have  been  advised  that 
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we  now  have  a  new  piece  of  equipment  in  the  court  room. 
Is  that  correct? 

MR.   FEIN:     Well,   ma'am,    it's  been  moved 
since  then  during  recess,   but  yes. 

THE  COURT:     Why  don't  we  just  go  ahead  and 
put  it  on  the  witness  stand  and  have  someone  sit  in  the 
witness  chair  to  see  if  there  are  any  issues . 

MR.   FEIN:      I'm  placing  a  three— sided  box  to 
block  the  witness . 

THE  COURT:     Let  the  record  reflect  that  the 
court  security  officer  is  in  the  witness  chair  and  we 
are  testing,   it  is  a  black  covering  that  goes  above 
where  the  witness  chair  ends  basically  up  to  the 
witness,   a  little  lower  than  the  witness'   neck  and  that 
is  to  ensure  that  classified  information  is  protected. 

SECURITY  OFFICER:  Test. 

THE  COURT:      It  appears  the  classified 
information  is  protected.     Any  issues  with  the  ability 
to  observe  the  witness? 

MR.   COOMBS:     No,   Your  Honor. 

THE  COURT:     Any  other  issues  with  the  new 
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piece  of  equipment? 

MR.   FEIN:     No,  ma'am. 

THE  COURT:     We  can  go  ahead  and  move  it 
back  then.     Thank  you. 

Are  you  ready  to  call  your  next  witness? 

THE  PROSECUTION:     The  United  States  calls 
Thomas  Cherepko . 
WHEREUPON, 


called  as  a  witness,  having  been  first  duly  sworn  to 
tell  the  truth,  the  whole  truth,  and  nothing  but  the 
truth,   was  examined  and  testified  as  follows: 


THOMAS  CHEREPKO, 


DIRECT  EXAMINATION  BY  MR.   WHYTE : 


Q 


You  are  Captain  Tom  Cherepko  from 


Pittsburgh, 


Pennsylvania? 


A 


Yes,  sir. 


Q 


Captain  Cherepko,   what  is  your  current 


position? 


A 


CIS  plans  and  operation  officer  for  NATO 


Force  Command  Madrid. 


Q 


What  is  CIS? 
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A  Communications  and  information  systems . 

Q  What  are  your  responsibilities  in  this 

position? 

A  I  do  planning  for  training  exercises  and 

real  world  operations . 

Q  Captain  Cherepko,   what  is  your  branch? 

A  I  am  a  functional  area  53  basic  branch 

engineer . 

Q  And  what  training  did  you  receive  to  become 

a  53  alpha? 

A  I  went  through  the  53  alpha  course  long 

known  as  the  information  system  manager  course . 
Q  Where  was  it? 

A  Ft.   Worth,  Georgia. 

Q  How  long  was  it? 

A  Approximately  nine  months . 

Q  Can  you  please  describe  to  the  court  what 

this  training  consisted  of? 

A  The  course  is  broken  down  into  three 

phases,   networking,    enterprise  systems  with  the 
Microsoft  Academy  and  third  phase  is  security,  other 


Provided  by  Freedom  of  the  Press  Foundation 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 


UNOFFICIAL  DRAFT  -  6/12/13  Afternoon  Session 

112 

related  topics . 

Q  And  what  certificates  did  you  receive 

during  this  time? 

A  I  received  a  CISSP,   the  Certified 

Information  Systems  Security  Professional,  security 
plus  and  the  Windows  Vista  certification . 

Q  What  was  your  first  assignment  out  of  this 

court? 

A  2nd  Brigade,    210th  Mountain. 

Q  When  did  you  arrive  at  Ft .  Drum? 

A  October  1st,  2009. 

Q  And  what  happened  when  you  arrived? 

A  When  I  arrived,   after  I  didn't  process,  the 

brigade  was  in  the  process  of  deploying  and  within  a 
few  weeks  of  my  arrival  I  deployed  with  the  brigade . 

Q  Where  did  you  deploy  to? 

A  To  FOB  Hammer,  Iraq. 

Q  When  did  you  arrive  at  FOB  Hammer? 

A  Middle  of  November,    sometime  after  the 

relief  in  place  with  the  2nd  Airborne . 

Q  Did  PFC  Manning  deploy  to  FOB  Hammer  as 
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well? 

A  Yes,  sir. 

Q  What  section  were  a  signed  to  at  FOB 

Hammer? 

A  The  S6  communication  section. 

Q  What  was  your  position  at  FOB  Hammer? 

A  I  was  the  brigade  automations  officer. 

Q  What  were  your  responsibilities  in  that 

position? 

A  My  responsibilities  were  the  maintenance 

and  managements  of  the  brigade ' s  network  in  the  absence 
of  the  brigade  signal  officer,   act  as  the  brigade 
signal  officer  and  information  assurance  manager. 

Q  So  you  said  you  were  responsible  for  the 

maintenance  of  the  network? 

A  Yes,  sir. 

Q  What  classified  networks  were  available  at 

FOB  Hammer? 

A  We  had  SIPRNET. 

Q  What  was  required  for  someone  to  get  access 

to  SIPRNET? 
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A  In  order  to  get  access  for  SIPRNET  they 

needed  to  have  forms  that  were  filled  out  that  were 
signed  by  the  first  line  supervisor  stating  that  they 
had  a  need  to  have  access  to  the  network.     The  S2 
section  was  signed  verifying  the  security  clearance  and 
then  they  would  take  the  form  to  the  help  desk  where 
the  account  was  created,   assuming  that  their  IA 
training  was  complete . 

Q  So  this  was  for  them  in  order  to  get  an 

account? 

A  Yes,  sir. 

Q  So  what  type  of  documents  did  they  have  to 

fill  out  in  order  to  get  — 

A  They  had  to  fill  out  the  account  request 

for  and  an  acceptable  use  policy. 

Q  And  what  type  of  training  did  they  need  to 

receive  in  order  to  get  a  SIPRNET  other? 

A  They  needed  to  have  the  annual  information 

assurance  training  complete. 

Q  Was  there  exception  to  the  IA  training 

requirement  ? 
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A  No. 

Q  Was  there  exception  to  the  AUP  policy? 

A  No,  sir. 

Q  What  is  a  AUP? 

A  Acceptable  use  policy.     It  is  a  document 

that  states  what  you  are  and  are  not  permitted  to  do  on 
the  network  that  you  are  signing  for. 

Q  What  regulations  are  covered  under  AUP? 

A  AR25— 2  and  a  few  others. 

Q  Did  PFC  Manning  have  a  SIPRNET  other? 

A  Yes,  sir. 

Q  How  do  you  know  that? 

A  Because  on  the  night  he  was  defiled  I 

deactivated  his  SIPR  account . 

Q  And  did  he  need  to  sign  an  AUP  to  get  a 

SIPRNET  account? 

A  Yes,    sir,    everyone  was  required  to. 

Q  Talk  about  the  AUP .     How  many  AUPs  have  you 

signed  in  the  course  of  your  career? 

A  Approaching  50,  sir. 

Q  When  you  arrived  at  Ft .   Drum  did  you  have 
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to  sign  an  AUP? 

A  I  did. 

Q  When  you  arrived  at  FOB  Hammer  did  you  have 

to  sign  an  AUP? 

A  Yes,  sir. 

Q  Did  all  soldiers  upon  arrival  at  FOB  Hammer 

have  to  sign  an  AUP? 

A  All  soldiers  given  accounts  had  to  sign  an 

AUP,   yes,  sir. 

Q  And  you  said  PFC  Manning  had  an  account? 

A  Yes,  sir. 

Q  During  the  course  of  this  investigation  did 

you  locate  PFC  Manning's  AUP? 
A  I  did  not,  sir. 

Q  Was  this  the  only  AUP  that  you  could  not 

find? 

A  No,    sir.     We  were  unable  to  find  mine  as 

well . 

Q  Are  you  familiar  with  the  contents  of  an 

AUP? 

A  I  am,   yes,  sir. 
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Q  And  what  guidance  is  available  for  what 

should  be  included  in  an  AUP? 

A  AR25-2  has  a  sample  AUP  that  we  would  use 

to  create  an  AUP . 

Q  Are  you  familiar  with  the  sample? 

A  I  am.     Yes,  sir. 

Q  How  so? 

A  Upon  redeployment  I  used  the  sample  AUP  to 

draft  the  new  AUP  for  the  brigade  with  some  other  AUPs 
as  guidelines . 

Q  When  you  deployed  back? 

A  When  I  redeployed  from  Iraq. 

Q  When  you  arrived  at  FOB  Hammer  did  you 

(INAUDIBLE)    the  AUP? 

A  I  did,  sir. 

Q  Can  you  explain  how  the  sample  AUP  in  the 

AR25— 2  compares  to  the  actual  AUP  you  signed  at  FOB 
Hammer? 

A  They ' re  similar  sir .     They  may  not  look  the 

same  but  the  content  is  similar . 

Q  So  do  you  remember  the  AUP  that  you  signed 
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at  Hammer  verbatim  to  the  AUP  in  AR25-2? 


A 


Most  likely  not . 


Q 


Was  the  content  of  the  AUP  substantially 


similar  to  the  content? 


A 


It  would  be  similar . 


Q 


Would  you  be  able  to  identify  the  sample 


AUP? 


A 


I  would,  sir. 


Q 


How  would  you  be  able  to  identify  it? 


A 


The  sample  AUP  has  generic  terms  throughout 


that  are  meant  to  replace  when  you  create  your  own 
using  it  as  a  boilerplate  template.     For  example,  one 
of  them  would  be  it  doesn ' t  have  the  name  of  the 
network  but  it  has  classified  network  name  and  then  the 
acronym  is  CNN  and  I  found  at  amusing  that  CNN  is  a 
classified  network  so  yes . 

Q  What  other  characterization  about  the 

document  ? 

A  It  says  that  it ' s  a  sample  AUP  and  it  has 

several  regulations,    rules  from  AR25— 2  listed  in  it. 
Q  Let  the  record  reflect  I'm  retrieving 
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Prosecution  Exhibit  94? 

A  It  also  starts  on  page  61,   if  that  matters. 

MR.   COOMBS:     Your  Honor,   the  defense 
objects  to  use  of  Prosecution  Exhibit  4  9  for 
identification.     If  I  could,    I  believe  trial  counsel 
brought  out  most  of  the  foundation.      If  I  can  voir  dire 
in  light  of  my  objection  for  the  matter  of  two  or  three 
questions  to  show  this  is  not  relevant . 

THE  COURT:     All  right.     Voir  dire. 
VOIR  DIRE  EXAMINATION  BY  MR.  COOMBS: 
Q  You  indicated  that  everyone  signed  an  AUP 

before  they  were  given  SIPRNET  access  in  Iraq,  correct? 
A  Yes,  sir. 

Q  Was  this  the  AUP  everyone  signed? 

A  That  is  a  sample,    sir,   that  is  used  as  a 

baseline  to  build  the  AUP . 

Q  So  the  answer  would  be  no,   this  is  not  the 

AUP  that  everyone  signed? 

A  No,    sir,   this  is  not  the  actual  AUP.  It's 

only  a  sample  used  to  create  an  actual  AUP . 

Q  And  there  is  an  actual  AUP  that  had  terms 
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that  governed  how  an  individual  could  use  the  SIPRNET? 


A  Yes,  sir. 

Q  And  everyone  signed  that? 

A  Yes,  sir. 

Q  You  said  you  couldn ' t  locate  PFC  Manning ' s 

and  you  couldn't  locate  yours? 
A  Correct,  sir. 

Q  But  you  could  locate  other  people's? 

A  Yes,  sir. 

MR.   COMBS:     So  we  would  object  to  the  use 
of  this  sample  AUP  because  this  was  not  what  was 
signed.     The  government  should  be  able  to  produce  the 


AUP  that  was  signed  by  the  soldiers  from  210  Mountain 
in  order  to  get  on  the  SIPRNET. 

THE  COURT:     Captain  Whyte,    is  there  the 
actual  AUP  that  was  signed? 

MR.   WHYTE:      It  couldn't  be  found.     But  the 
sample  AUP  contained  substantially  all  the  content  from 
the  AUP  from  his  memory. 

THE  COURT:     So  this  is  a  best  evidence 

objection . 
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MR.   COOMBS:     Yes,   Your  Honor,  especially 
when  you  have  three  specifications  that  rise  and  fall 
on  the    (INAUDIBLE)    so  you've  got  specifications  2  and  3 
of  charge  3  and  then  each  of  those  obviously  are 
(INAUDIBLE)   violations  and  then  you've  got  a  10— year 
offense,   specification  11  of  charge  II,   a  10-year 
offense . 

If  the  government  is  going  to  premise 
criminal  liability  based  upon  an  AUP,   they  ought  to  be 
able  to  produce  the  AUP .     I  understand  maybe  they  can ' t 
produce  PFC  Manning ' s .     But  we ' re  talking  about  a  whole 
brigade .     Surely  at  least  one  AUP  can  be  found  from  the 
brigade . 

THE  COURT:     Government,   normally  I  would 
not,   the  government's  allowed  to  try  the  case  as  you 
want  to,   but  in  this,   the  government  doesn't  intend  to 
actually  question  about  the  actual  document  signed  when 
you  have  it . 

MR.   WHYTE:     We  intend  to  elicit  testimony 
from  the  witness  about  what  was  included  in  that  AUP  to 
his  memory,   Your  Honor,   and  the  sample  AUP  will  help 
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the  witness  testify  to  those  things . 

THE  COURT:     So  would  the  AUP  from  Ft.  Drum, 

right? 

MR.   FEIN:     Can  we  have  a  moment,  Your 

Honor? 

THE  COURT:  Yes. 

MR.   WHYTE:     Can  I  ask  the  witness  a  few 
questions,   Your  Honor. 

THE  COURT:  Yes. 

DIRECT  EXAMINATION  BY  MR.  WHYTE: 
Q  Who  maintained  these  AUPs  at  FOB  Hammer? 

A  The  help  desk. 

Q  Originally  what  happened  to  these  records 

when  they  were  signed? 

A  Yes,    sir,   they  were  collected  from  the 

individual  and  then  they  were  stored  in  a  folder  in  the 
help  desk  in  the  brigade  headquarters . 

Q  Originally  what  happened  to  these  records 

once  they  were  stored? 

A  They  were  stored  just  on  a  shelf  in  the 

help  desk  area  and  they  were  — 
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Q  Brief  Your  Honor  with  what  happens  to  these 

documents  throughout  their  deployment. 

A  Yes,   they  remain  just  sitting  in  a  folder. 

They're  never  really  referenced  again  unless  we  need 
to . 

Q  Are  you  familiar  with  what  happens  once 

you ' re  redeployed? 

A  Yes,    sir.     Usually  they're  destroyed. 

THE  COURT:     So  there  is  no  —  now  I'm 
completely  confused.     Is  there  or  are  there  available 
documents  from  FOB  Hammer,   AUPs  that  were  signed  by 
somebody  else  or  were  not? 

MR.   FEIN:     Ma'am,    if  I  may? 

BY  MR.  FEIN: 

Q  Captain  Cherepko,    do  any  AUPs  from  FOB 

Hammer  exist  today? 

A  Not  that  I  know  of  today. 

Q  Did  they  exist  once  you  arrived  back  to  Ft . 

Drum? 

A  I  don ' t  recall  any  arriving  back  to  Ft . 

Drum,  sir. 
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Q  Because  to  the  best  of  your  memory  what 

happens  to  those  AUPs  that  were  in  FOB  Hammer  in  Iraq? 

A  When  the  network  was  turned  off,   they  were 

burned. 

MR.   FEIN:     Thank  you. 

And  there  are  no  AUPs  from  Ft .   Drum,  excuse 
me,    from  FOB  Hammer  when  the  unit  redeployed  because 
they  were  destroyed  which  is  why  the  United  States  is 
offering  to  the  best  of  his  memory  to  be  able  to  use  a 
sample  AUP  and  to  be  able  to  draw,   to  aid  him  in  his 
memory  what  was  on  the  AUP  when  it  existed. 

THE  COURT:     Do  you  want  to  voir  dire  the 
witness  further? 

MR.   COOMBS:     Yes,   Your  Honor. 
VOIR  DIRE  EXAMINATION  BY  MR.  COOMBS: 
Q  Captain  Cherepko,   you  said  you  eliminated 

my  client's  ability  to  get  on  SIPRNET  at  some  point? 
A  Yes,  sir. 

Q  When  was  that? 

A  The  night  that  he  was  detained. 

Q  So  roughly  towards  the  end  of  May  2010? 
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A  I  don't  recall  the  exact  date  but  yes,  sir. 

Q  Prior  to  your  redeployment? 

A  Yes,  sir. 

Q  And  at  that  point  AUPs  still  existed, 
right? 

A  Yes,  sir. 

Q  But  you  hadn ' t  redeployed? 

A  Correct . 

Q  So  if  the  AUP  wasn't  secured  at  that  point, 
that  was,   that  was  because  no  one  I  guess  asked  for  it? 

A  Or  it  didn't  exist,   yes,  sir. 

Q  But  somebody  did  come  around  looking  for  it 
from  you,  correct? 

A  Yes,  sir. 

Q  And  they  asked  if  you  could  produce  it? 

A  Yes,  sir. 

Q  And  you  said  I  can't  find  PFC  Manning's? 

A  Correct . 

Q  But  I  can't  even  find  mine? 

A  Correct . 

Q  But  you  had  evidence  at  that  point? 
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A  In  FOB  Hammer,  yes. 

Q  But  no  one  asked  for  that  dope? 

A  Not  that  I  recall,   no,  sir. 

Q  And  the  government  is  attempting  now  to  use 

AR25— 2  —  I'd  like  to  have  this  marked  as  Defense 
Exhibit  Alpha  for  identification. 

You  said  you  used  AR25-2  to  create  your  own 
AUP  at  some  point? 

A  Upon  redeployment,   yes,  sir. 

Q  And  when  you  used  your  own,   you  added  in 

your  own  terms  and  whatnot? 

A  I  did,    sir.      I  used  the  sample  from  AR25— 2, 

the  divisions  and  the  installations  and  I  made  sure 
that  mine  met  the  requirements  of  AR25— 2  and  was  nested 
with  the  divisions  and  the  installations . 

Q  So  was  yours  quite  a  bit  longer  than  the 

sample  one  in  AR25— 2? 

A  Yes,  sir. 

Q  Was  it  worded  verbatim  to  the  one  in 

AR25-2? 

A  No,    sir.     There  were  sections  that  were 
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verbatim,   but  the  complete  document  was  not  verbatim. 
Because  there  are  sections  in  the  sample  that  you  have 
to  modify  to  suit  your  unit  and  your  local  policies  and 
regulations . 

Q  I'm  going  to  show  you  Defense  Exhibit  Alpha 

for  identification  and  see  if  you  recognize  it. 

MR.   FEIN:     Ma'am,    is  this  a  voir  dire? 

THE  COURT :      I'm  allowing  it  to  see  what 
we ' re  going  to  use . 

Go  ahead . 

Q  Showing  you  what ' s  been  marked  as  Defense 

Exhibit  Alpha  for  identification.     Can  you  tell  me  what 
it  is? 

A  That  is  the  Ft .   Drum  installation  AUP . 

Q  What  year  and  month  is  that  AUP? 

A  February  2010. 

Q  So  that  would  have  been  after  your 

deployment  ? 

A  It  would  have  been  in  the  middle  of  the 

deployment,   yes,  sir. 

Q  As  far  as  this  one  is  for  Ft .  Drum, 
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correct? 

A  This  is  for  the  installation,   yes,  sir. 

Q  That  wouldn't  be  the  one  that  you  would  use 

down    (INAUDIBLE)    would  it? 
A  No,  sir. 

Q  How  many  pages  is  that  AUP? 

A  Seven,  sir. 

MR.   COMBS:     Retrieving  Exhibit  Alpha  for 
identification  from  the  witness . 

Your  Honor,   what  the  defense  would  ask  the 
court  to  do  is  look  at  Defense  Exhibit  Alpha  for 
identification  and  the  version  that  the  government 
wants  to  use  from  25—2  and  you  will  see  that  there's 
quite  a  bit  of  difference  between  the  two  versions, 
this  is  what  Ft .   Drum  used  for  AUP  when  they  came  back . 

So  if  the  government  is  going  to  premise 
three  specifications  on  a  violation  on  25—2  and  one 
(INAUDIBLE) ,   violating  the  AUP  for  the  1030  offense, 
the  terms  matter.     It  can't  be  closed. 

I'm  handing  Defense  Exhibit  Alpha  to  the 
court  and  I  request  that  the  court  compare  that  with 
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Prosecution  Exhibit  94  for  identification. 

THE  COURT :      I ' ve  looked  at  both  of  them, 
Mr.   Coombs.     That's  what  they  have  cross— examination 
for.     You'll  be  free  to  question  the  witness  about  the 
Ft .   Drum  AUP . 

I ' m  going  to  let  the  government  go  ahead 
and  use  Prosecution  Exhibit  94  for  identification .  I 
understand  your  objection. 

MR.   COOMBS:     Ma'am,    for  clarification,  it's 
being  used  for  illustrative  purposes  only.      It's  not 
being  used  as  the  AUP  signed  by  my  client . 

THE  COURT:  Yes.  I  believe  that's  the 
government's  position.  Right?  That's  not  the  AUP 
signed  — 

MR.   WHYTE:     That's  correct,  sir. 
DIRECT  EXAMINATION  BY  MR.  WHYTE: 
Q  Handing  the  witness  Prosecution  Exhibit  94 

for  ID. 

Captain  Cherepko,   please  look  at  that 
document  and  let  me  know  when  you're  finished. 
(Witness  reading.) 
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A  Yes,  sir. 

Q  Are  you  familiar  with  this  document? 

A  I  am,  sir. 

Q  What  is  that  document? 

A  That  is  the  sample  acceptable  use  policy  in 

the  back  AR25-2. 

Q  And  how  do  you  know  that? 

A  Because  it  starts  on  page  61  of  AR-25.  It 

labels  itself  as  the  sample  of  acceptable  use  policy 
and  in  the  contents  of  it  it  uses  the  terms  that  are 
being  replaced  with  your  specific  unit  information  such 
as  classified  network  name,    insert  unit  name  here. 
That  sort  of  information . 

Q  Again,    can  you  please  explain  to  the  court 

how  this  sample,   to  the  best  of  your  memory,  compares 
with  the  actual  AUP  that  you  signed  at  FOB  Hammer? 

A  It's  similar.      It  may  not  look  identical, 

but  the  content  is  similar . 

MR.   WHYTE:     Your  Honor,   we  offer 
Prosecution  Exhibit  94  as  the  next  Prosecution  exhibit . 

MR.   COOMBS:     Your  Honor,   the  defense  would 


Provided  by  Freedom  of  the  Press  Foundation 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 


UNOFFICIAL  DRAFT  -  6/12/13  Afternoon  Session 


131 

not  and  in  this  instance,    I  don't  know  if  the  witness 
actually  read  the  amount  of  time,   this  seems  to  be 
similar  meaning  it  looks  like  an  AUP  and  there  might  be 
some  similar  terms,   but  to  offer  this  into  actual 
evidence  in  this  case  it  has  no  relevance  to  this  case 
here  because  it ' s  not  what  my  client  signed  for  one . 

Second,   even  though  the  witness  does  have 
personal  knowledge  of  the  AUP  that  was  signed  in  this 
instance  all  it's  saying  it's  similar,   most  of  the  time 
it  might  go  to  weight  instead  of  admissible. 

But  in  this  instance  because  of  the  fact 
that  the  terms  actually  matter,   what  is  relevant  is  the 
actual  terms  of  AUP.      So  we  would  argue  under  403  this 
is  also  prejudicial  and  it  is  confusion  of  the  actual 
issues,   that  is  what  are  the  terms  that  PFC  Manning  had 
to  abide  by  while  he  was  deployed. 

THE  COURT:  Government? 

MR.   WHYTE:     Well,   Your  Honor,   actually  the 
Defense ' s  exhibit  as  well  was  not  a  record  that  PFC 
Manning  actually  saw  himself .      It  was  a  document 
produced  or  created  during  the  deployment  and  signed 
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that  document  when  he  redeployed  back  at  Drum  which  the 
accused  did  not  do.  So  that  is  not  a  document  that  PFC 
Manning  actually  saw. 

What  we ' re  asking  Captain  Cherepko  to  do  is 
based  on  this  sample  to  testify  as  to  what  that  AUP 
that  he  signed  at  FOB  Hammer  consisted  of . 

THE  COURT :     Here ' s  what  I ' m  going  to  do 
with  that.     With  the  foundation  you  laid  so  far,  I'm 
going  to  sustain  the  defense  objection.     If  you  want  to 
go  through  the  document  paragraph  by  paragraph  and  talk 
about  the  witness,    since  he's  coming  from  memory  what 
he  remembers  the  actual  AUP  said,    I ' 11  listen . 

MR.   WHYTE:     Just  to  clarify,   Your  Honor,  we 
can  talk  to  the  witness  about  what  was  included  in  the 
FOB  Hammer? 

THE  COURT:  Yes. 

MR.   WHYTE:     But  not  through  reference  of 
Prosecution  Exhibit  4  9  for  ID. 

THE  COURT:     You  can  use  Prosecution  Exhibit 
94  for  identification  to  go  through  the  witness,  this 
is  what  the  sample  says,   paragraph  one.     Was  yours  any 
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different.      It  the  same.     Was  it  — 

MR.   FEIN:     May  we  have  a  brief  moment? 
THE  COURT:  Yes. 

MR.   WHYTE:     Your  Honor,   we  offer 
Prosecution  Exhibit  94  for  ID  as  Prosecution  Exhibit 
94. 

MR.   COOMBS:     Same  objection. 
THE  COURT :     After  you ' ve  gone  through  the 
paragraphs  we ' 11  address  that . 

May  we  have  a  short  recess? 

THE  COURT:     Yes,   how  long  would  you  like? 

MR.   FEIN:     Two  minutes. 

THE  COURT:     Captain  Cherepko,   please  don't 
discuss  your  knowledge  of  the  case  with  anyone  during 
recess . 

(Brief  recess.) 

THE  COURT:     Court  is  called  to  order. 
Record  reflect  all  parties  present  when  the  court  last 
recessed  are  again  present  in  court . 

Captain  Whyte,   witness  is  on  the  witness 

chair . 
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MR.   WHYTE:     Permission  to  publish  the 

exhibit . 

THE  COURT:  Proceed. 

MR.   WHYTE:      I'm  retrieving  Prosecution 
Exhibit  94  for  ID  from  the  court  reporter . 
BY  MR.  WHYTE: 

Q  Captain  Cherepko,   earlier  you  said  that  the 

FOB  Hammer  AUP  was  nested  from  the  sample  AUP  in 
AR25-2.     What  do  you  mean  by  that? 

A  The  one  that  I  created  after  redeployment  I 

used  AR25-2  sample  as  the  baseline  and  I  took  my  higher 
head  words  and  installations  and  make  sure  any  local 
policies  that  were  in  place  were  covered  under  my  AUP . 

MR.   COOMBS:     Your  Honor,    I  object  to 
relevance  of  anything  after  the  redeployment . 

THE  COURT :      I  believe  the  government ' s 
question  was  the  AUP,   the  AUPs  that  you  used  for  Hammer 
that  you  no  longer,   FOB  Hammer,   that  you  no  longer 
have . 

THE  WITNESS:     Yes,   ma'am.      I  didn't  draft 
that  AUP .      It  was  in  place  when  I  arrived  at  the  FOB . 
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The  only  AUP  that  you  crated  was  after  redeployment . 

THE  COURT:     Maybe  you  can  target  your 
questions  a  little  bit  better. 
BY  MR.  WHYTE: 

Q  Can  you  explain  again  how  the  sample  AUP  in 

25-2  compared  to  the  actual  AUP  that  you  signed  at  FOB 
Hammer  to  the  best  of  your  memory? 

A  To  the  best  of  my  memory  the  content  was 

very  similar.     The  sample  until  25—2  covers  what  needs 
to  be  in  an  acceptable  use  policy  and  to  the  best  of  my 
memory  the  content  and  the  subject  matter  is  very 
similar . 

Q  Captain  Cherepko,   can  you  please  just  read 

to  yourself  paragraph  number  one  of  Prosecution  Exhibit 
94  for  ID. 

(Witness  reading.) 
A  Yes,  sir. 

Q  So  to  the  best  of  your  memory,   how  did  the 

AUP  that  you  signed  at  FOB  Hammer  compare  to  this 
paragraph  in  the  sample  AUP? 

A  It  may  not  have  been  verbatim,   but  it  was 
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the  same  intent . 

Q  What  was  that  intent? 

A  You ' re  signing  that  you  understand  that  the 

2nd  Brigade  10th  Mountain  SIPRNET  or  NIPRNET  is,  it's 
your  responsibility  to  follow  the  rules  and  not  make 
any  unauthorized  modifications,    changes  or  do  anything 
to  circumvent  security . 

Q  Captain  Cherepko,   can  you  please  read  to 

yourself  paragraph  6. 

(Witness  reading.) 

Q  To  the  best  of  your  memory,   how  did  the  AUP 

that  you  signed  at  FOB  Hammer  compare  to  this  sample 
AUP  in  25-2? 

A  Again,    I  can't  recall  verbatim  what  it 

said,   but  the  restriction  on  introducing  software  to 
the  network  or  to  a  system  is  prohibited,  was 
prohibited. 

Q  Are  you  familiar  with  what  an  executable 

file  is? 

A  Yes,  sir. 

Q  What  is  an  executable  file? 
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A  An  executable  file  is  a  piece  of  software 

that  is  able  to  be  run  without  administrative 
privileges.      It  wasn't  required  being  installed,  it 
doesn ' t  require  any  modifications  of  the  operating 
system  and  it  can  be  run  from  a  CD,    a  flash  drive,  from 
a  shared  drive  from  a  network  location,    from  the 
desktop.     There's  no,   there's  no  requirement  to  install 
an  executable  file . 

Q  When  PFC  Manning  was  at  FOB  Hammer,  were 

you  familiar  with  what  Wget  was? 

A  When  he  was  at  FOB  Hammer,   no,  sir. 

Q  But  you ' re  familiar  with  it  today? 

A  Yes,  sir. 

Q  What  is  Wget? 

A  It ' s  an  executable  file  that ' s  used  to 

scrape  sites  or  sources  and  retrieve  any  data  that ' s 
set  in  the  parameters  of  the  program  to  retrieve, 
whether  it ' s  all  or  a  specific  type  or  what  have  you . 

Q  And  to  the  best  of  your  knowledge  at  FOB 

Hammer  was  Wget  an  authorized  executable  file? 

A  It  was  not,   no,  sir. 
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Q  Are  you  familiar  with  the  certificate  of 

net  worthiness? 

A  I  am,  sir. 

Q  What  is  the  certificate  of  net  worthiness? 

A  The  certificate  of  net  worthiness  is  an 

organization  for  a  piece  of  software  to  be  used  on  Army 
network . 

Q  When  you  were  on  the  FOB  Hammer  was  Wget  on 

this  certificate  of  net  worthiness? 
A  No,  sir. 

Q  What  does  that  mean? 

A  It  was  not  authorized. 

Q  Captain  Cherepko,   if  you  could  please  read 

subparagraph  O. 

(Witness  reading.) 
A  Yes,  sir. 

Q  To  the  best  of  your  knowledge,   how  did  the 

AUP  that  you  signed  at  FOB  Hammer  compare  to 
subparagraph  O  of  the  sample  AUP? 

A  It  would  be  very  similar .     That  is  a 

required  statement,   not  only  on  AUPs  but  every  time  you 
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log  in  the  machine,   that  statement  or  one  very  similar 
to  it  is  displayed. 

MR.   WHYTE:     Let  the  record  reflect  I'm 
returning  to  the  clerk  Prosecution  Exhibit  94  for  ID . 
BY  MR.  WHYTE: 

Q  Captain  Cherepko,    are  you  familiar  with  the 

T-drive  at  FOB  Hammer? 

A  I  am. 

Q  What  was  the  T-drive? 

A  The  T— drive  was  a  shared  drive  on  the 

network  that  users  had  access  to  to  store  files  on. 

Q  And  when  you  arrived  at  FOB  Hammer,  what 

was  the  status  of  the  T-drive? 

A  It  was  in  place  and  operational . 

Q  And  what  network  was  it  on? 

A  It  was  on  SIPR. 

Q  What  restrictions  were  placed  on  the 

T-drive  for  access? 

A  If  you  were  not  a  member  of  the  2nd  Brigade 

10th  Mountain  domain,   you  did  not  have  access  to  the 
shared  drive.     And  if  you  were  a  member  of  the  domain, 
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there  were  very  few  restrictions  on  where  you  could 
view,   edit  or  remove  files . 

Q  So  what  prevented  a  user  from  moving 

information  on  the  T— drive? 

A  Nothing,    sir.     The  intent  of  the  T— drive  is 

to  place  information  there,    retrieve  information  so 
that  you  don't  fill  up  the  local  storage  on  your 
computer . 

Q  And  what  prevented  the  users  from  removing 

something  from  the  T— drive? 
A  Nothing,  sir. 

Q  Let ' s  talk  about  the  administrative  rights 

with  the  network.     Who  is  an  administrator? 

A  An  administrator  is  a  person  with  elevated 

privileges  that  allows  him  or  her  to  make  modifications 
to  software  or  hardware . 

Q  So  what  is,    just  explain  again,   what  does 

it  mean  to  have  administrative  rights? 

A  It  means  you  have  the  ability  to  install 

hardware,  make  changes  to  the  operating  system  or 
install  software . 
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Q  So  what  can  a  user  not  do  without  being  the 

administrator? 

A  They  cannot  install  hardware  and  they 

cannot  install  software .     They  cannot  make 
modifications  or  changes  to  the  operating  system. 

Q  What  were  the  administrators  of  the  share 

drive? 

A  The  administrators  of  the  shared  drive  were 

my  soldiers  and  assistant  administrators  who  worked  for 
me . 

Q  Did  PFC  Manning  have  administrative 

privileges? 

A  No. 

Q  Was  PFC  Manning  authorized  to  install 

software? 

A  No,  sir. 

Q  What  happens  if  someone  wanted  to  install 

software  onto  their  government  computer? 

A  They  would  request  a  piece  of  software  that 

they  did  not  have  through  the  help  desk  and  then  the 
help  desk  would  check,   if  it  was  an  authorized  piece  of 
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software  that  we  had  a  license  for  and  readily 
available,   they  will  install  it.     If  it  was  not  either 
available  or  we  did  not  have  a  license  or  it  was  not 
authorized,   then  the  help  desk  would  come  see  me. 
Q  What  would  you  do? 

A  I  would  then  research  the  availability  of 

obtaining  the  software . 

Q  Would  you  check  to  see  if  an  approved 

program? 

A  I  would,   yes,  sir. 

Q  At  FOB  Hammer  to  the  best  of  your  memory, 

did  PFC  Manning  ever  ask  you  to  install  a  program  onto 
his  computer? 

A  No,  sir. 

Q  You  testified  earlier  that  you  are  familiar 

with  Wget .     Can  you  just  one  last  time  explain  the 
installation  process  for  Wget? 

A  There  is  no  installation  process.      If  you 

have  it  on  a  CD  or  thumb  drive  or  on  your  desktop  you 
can  simply  run  it .     There ' s  no  administrative  rights 
required. 
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Q  You  said  Wget  was  an  executable  file? 

A  Yes. 

Q  So  how  does  using  an  executable  file  like 

Wget  allow  a  user  to  circumvent  the  need  to  actually 
come  see  the  S6? 

A  There ' s  no  administrator  required  to 

install  it .     You  simply  run  it  from  a  disk  or  desktop . 

Q  So  who  was  capable  of  putting  a  program 

like  Wget,   an  executable  file,   onto  their  computer? 

A  Anyone . 

Q  Was  PFC  Manning  authorized  to  put  Wget  onto 

his  computer? 

A  No,    sir.     No  one  was. 

Q  What  Army  regulation  prohibits  soldiers 

from  using  unauthorized  executable  files? 
A  AR25-2. 

Q  And  what  document  do  soldiers  sign  that 

prohibits  them  from  using  unauthorized  executable 
files? 

A  An  acceptable  use  policy. 

Q  What  type  of  software  is  Wget? 
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A  I  believe  it ' s  freeware . 

Q  And  what  is  freeware? 

A  Freeware  is  software  that  you  can  download 

from  the  internet  or  whatever  source  you  obtain  it  from 
and  you  do  not  have  to  pay  for  it . 

Q  Is  freeware  authorized? 

A  It  is  not.      It  is  specifically  prohibited. 

Q  Under  what? 

A  AR25-2. 

MR .   WHYTE :     One  moment ,   Your  Honor . 
BY  MR.  WHYTE: 

Q  So  you  testified  earlier  that  you  were  the 

administrator.     You  were  one  of  the  administrators? 

A  I  was;   yes,  sir. 

Q  What  were  you  the  administrator  of? 

A  I  was  the  manager  of  all  of  the 

administrators  and  by  necessity  I  was  also  the  senior 
administrator  for  the  brigade.     Any  problems  that  the 
help  desk  soldiers  or  any  of  my  technicians  couldn't 
solve,   they  would  bring  to  me  for  the  network,  LAN, 
WAN,   enterprise  services,    local  desktop  computers,  VTC 
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suites,   battlefield  command  systems,   any  of  the  command 
control  systems . 


Q  Are  you  familiar  with  D6  machines? 

A  Slightly  familiar,   yes,  sir. 

Q  Did  you  have  D6  machines  at  — 

A  I  believe  we  did,   yes,  sir. 

Q  Were  you  the  administrator  of  the  D6? 

A  I  was  not . 

Q  Who  was  the  administrator? 

A  I'm  not  sure . 

MR.   WHYTE :     No  more  questions,   Your  Honor. 

CROSS-EXAMINATION  BY  MR.  COOMBS: 
Q  Captain  Cherepko,    just  for  a  moment  to  talk 


about  the  AUP  that  you  were  shown .     You  talk  about 
something  being,    I  think  it  might  be  similar,   am  I 
correct  that  you  read  this  once  when  you  got  to  FOB 
Hammer  and  signed  it? 


A  The  2nd  brigade  AUP? 

Q  Right . 

A  Yes,  sir. 

Q  And  after  that  you  weren ' t  reading  it  on  a 
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daily  basis,   were  you? 

A  No,    sir,   not  on  a  daily  basis. 

Q  Were  you  in  charge  of  briefing  other  people 

on  the  AUP  and  having  them  sign  it  and  supervise  them 
signing  it? 

A  No,    sir.     I  delegated  that  to  my  help  desk 

NCIC. 

Q  So  you  weren ' t  even  reviewing  the  AUP  on  a 

daily  basis? 

A  No,  sir. 

Q  So  when  you  talked  about  it  looked  similar, 

you're  basing  that  on  a  memory  of  seeing  the  document, 
the  one  that  was  signed  by  you  when  you  deployed  in 
2009,  right? 

A  Yes,  sir. 

Q  And  now  in  2013,   that's  where  you're 

testifying  based  upon  that  memory,   back  in  2009;  is 
that  right? 

A  Yes,  sir. 

Q  And  when  you  say  I  think  that's,   you  know, 

similar  or  I  believe  that  was  in  there,   do  you  know 
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that  or  are  you  making  basically  an  educated  guess 
based  upon  what  you  would  think  would  be  in  there? 

A  I'm  making  a  logical  assumption  that  when 

you  create  an  AUP  the  best  business  practice  is  to  take 
the  example  that  the  Army  gives  you  and  says  this  is 
the  standard  and  you  use  that,   along  with  local 
policies  and  you  create  your  document  and  every  AUP 
I've  ever  seen  has  very  similar  content. 

Q  Okay.      I  showed  you  Defense  Exhibit  Alpha 

for  identification  and  you  agree  with  me  that  is  much 
more  substantial  than  what  is,  what  was  shown  for,  to 
you  from  25-2,  correct? 

A  Yes,    sir.     But  the  actual  content  and 

quantity  of  content  will  vary  from  location  to  location 
and  within  a  local  installation  because  most  of  that  is 
local  policies  that  is  added  by  the  command  creating 
the  AUP. 

Q  All  right.     Now,    even  within  the  AUP,  the 

one  term  that  the  government  had  you  look  at  with,  you 
know,    I  will  not  add  malicious  code  or  whatnot,   had  a 
phrase  in  there  without  authorization,  correct? 
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A  I  believe  so,    sir.     I  don't  recall  what  it 

said  but  yes . 

Q  You  don ' t  recall  something  you  just  read  a 

few  minutes  ago? 

A  Yes,  sir. 

Q  Okay.     So  do  you  need  me  to  refresh  your 

memory  on  something  you  read  a  few  minutes  ago? 
A  No ,    I'm  fine .     We ' re  good . 

Q  So,   again,   did  it  say  without  authorization 

in  it? 

A  On  the  sample  AUP,  sir? 

Q  Correct . 

A  I  would,   if  you  could  refresh  me  that  would 

be  great . 

Q  I'll  be  glad  to. 

Can  I  retrieve  — 

THE  COURT:     Are  you  referring  to 
Prosecution  Exhibit  94  or  Defense  Exhibit  Alpha? 
Q  Prosecution  Exhibit  94  ma'am. 

This  is  something  that  the  government  went 
over  with  you  a  few  minutes  ago  and  they  asked  you  to 
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read  it  to  yourself? 

A  Yes,    sir,    I  see  it. 

Q  And  you  read  that  and  they  asked  you,  you 

know,   is  this  the  one  that  you  signed.     You  said  I 
believe  so . 

So  now  just  refreshing  your  memory,    do  you 
see  without  authorization? 

A  I  do.     Yes,  sir. 

Q  So  that  would  mean  that  if  you  obtain 

authorization  you  could  do  it,    I  imagine? 

A  Yes,  sir. 

MR.   COOMBS:     Returning  Prosecution  Exhibit 
94  to  the  court  reporter. 
BY  MR.  COOMBS: 

Q  Now,   you  said  you  were  the  brigade's 

automation  officer  for  the  2nd  BCT? 

A  Yes,  sir. 

Q  Your  primary  duty  as  I  understood  it  was  to 

manage,   maintain  and  secure  the  brigade's  digital 
communications;    is  that  right? 

A  Yes,  sir. 
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Q  And  as  the  brigade  automations  officer,  you 

were  also  the  information  assurance  manager  for  the 
brigade,   the  I AM? 

A  Yes,  sir. 

Q  You  were  appointed  to  this  duty  on  orders? 

A  I  was,  sir. 

Q  And  as  the  IM  you  were  the  person  in  charge 

of  ensuring  information  assurance  practices  were  being 
followed  by  the  brigade? 

A  Yes,  sir. 

Q  You  were  in  charge  of  ensuring  any  required 

training  on  information  assurance  was  being  done  by  the 
brigade? 

A  Yes,  sir. 

Q  Other  than  the  online  IA  security  training 

that  everyone  does,   did  you  do  any  additional  training 
while  deployed  on  IA,    information  assurance? 

A  Posted  flyers  and  bulletin,    and  on  bulletin 

boards  and  little  reminders,   you  know,   don't  use  thumb 
drives,    security  is  your  responsibility  and  little 
reminders  around  the  brigade  headquarters,   but  no 
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formal  training,   no,  sir. 

Q  And  that  applied  to  the  brigade  as  a  whole, 

correct? 

A  Yes,  sir. 

Q  Now,    I  want  to  ask  you  a  little  bit  about 

the  shared  drive .     That ' s  the  T— drive ,    am  I  right  ? 
A  Yes,  sir. 

Q  The  T— drive  was  authorized  to  store  up  to 

secret  information? 

A  Correct,  sir. 

Q  And  users  were  permitted  to  basically  save 

information  on  the  T— drive  if  they  wanted  to? 

A  Yes,    sir,    it  was  available  for  any  user  on 

the  domain  to  share  or  store  information . 

Q  And  obviously  a  user  might  do  this  if  they 

wanted  to  have  something  on  the  shared  drive  and  if  it 
was  lost  by,   because  their  computer  crashed,   they  would 
be  able  to  go  to  the  shared  drive;   is  that  right? 

A  That  is  one  use  of  it,   yes,  sir. 

Q  And  there  was  no  limitation  on  the  amount 

of  classified  information  that  you  placed  onto  the 
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T— drive;    is  that  right? 

A  The  only  limitation  would  be  the  physical 

storage  limits  of  the  device  itself.     It  didn't  place 
any  limits  on  individuals . 

Q  Was  there  any  limitation  on  the  type  of 

classified  information  that  you  stored  on  the  T— drive? 

A  Yes,    sir.     You  could  only  store  up  to 

secret . 

Q  If  it  were  secret,   you  could  store  it  on 

the  T-drive? 

A  Yes,  sir. 

Q  As  the  brigade  IM,   was  there  any  limitation 

on  saving  classified  information  onto  CD  if  you  wanted 
to? 

A  At  the  time,   no,  sir. 

Q  I  imagine  if  you  did  it,   you  put  it  on  a  CD 

you  would  have  to  appropriately  label  it? 
A  Yes,  sir. 

Q  And  other  than  that,   once  you  did  that  you 

could  do  that  with  authorization? 
A  Yes,  sir. 


Provided  by  Freedom  of  the  Press  Foundation 


1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 


UNOFFICIAL  DRAFT  -  6/12/13  Afternoon  Session 


153 


Q  Now,    as  the  IAM,    information  assurance 
manager,   you  saw  a  little  unauthorized  media  on  the 
T-drive? 

A  Correct . 

Q  You  saw  this  media  basically  on  a  regular 
basis? 

A  Yes,  sir. 

Q  And  the  unauthorized  media  included  music? 

A  Yes,  sir. 

Q  It  included  movies? 

A  And  games,   yes,  sir. 

Q  And  games? 

A  Yes,  sir. 

Q  And  the  games  were  executable  files, 
correct? 

A  They  are,  sir. 

Q  Did  you  see  other  executable  files  besides 
games? 

A  Not  that  I  recall,  no. 

Q  Do  you  recall  seeing  mIRC  chat  on  the 
T-drive? 
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A  Yes,  sir. 

Q  Is  that  an  executable  file? 

A  No,    sir,    it  requires  installation. 

Q  So  from  your  memory,   mIRC  chat  on  the 

T— drive  was  not  an  executable  file? 
A  No,  sir. 

Q  Okay.     Now  executable  file,   let's  talk 

about  that  for  a  moment .     They ' re  programs  that  can  run 
without  actually  adding  them  to  the  computer .     Am  I 
correct? 

A  Correct . 

Q  If  you  took  a  executable  file  and  you  put 

it  on  the  desktop  of  your  computer  and  you  double 
clicked,    it  would  run? 

A  Yes,  sir. 

Q  And  you  wouldn't  need  admin,   rights  for 

that? 

A  No,  sir. 

Q  And  the  prosecutor  said  that  some  way  you 

could  circumvent  admin,   rights,   but  with  executable 
files  you're  not  circumventing  admin,   rights,  correct? 
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A  No,   the  file  is  designed  that  you  don't 

install  it .     There ' s  nothing  that  shows  that  you  need 
administrative  rights  to  run  it  or  operate  it .      It  just 
executes  its  commands . 

Q  And  if  you  didn't  want  to  put  on  it  your 

desktop,   you  could  run  an  executable  file  from  a  CD  as 
well,   couldn't  you? 

A  You  could  run  it  from  a  CD,    a  flash  drive, 

from  the  T— drive,   anywhere  you  could  get  access  to  it. 

Q  And  Wget,    I  know  you  said  you  became 

familiar  with  that  program  as  part  of  this  case? 

A  Yes,  sir. 

Q  But  Wget  is  an  executable  file,  right? 

A  Yes,  sir. 

Q  And  if,    if  a  soldier  wanted  to  run  Wget 

from  a  CD,   they  didn't  need  admin,   rights  for  that? 
A  No,  sir. 

Q  If  they  wanted  to  run  it  from  the  desktop 

of  their  computer,   they  didn't  need  admin,   rights  for 
that? 

A  No,  sir. 
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Q  Now,    from  your  position  as  the  IAM,  was 

there  any  kind  of  S6  Captain  Cherepko  authorized 
movies,   executable  files,   games,   folder  on  the  T-drive? 

A  No,  sir. 

Q  So  the  Colonel,   Colonel  Miller,   he  was  your 

brigade  commander? 
A  Yes. 

Q  Did  Colonel  Miller  say  here ' s  the  NWR 

folder  Captain  Cherepko  approved  of,   it  has  music, 
movies  and  games  and  mIRC  chat  that  we  have  approved  it 
and,   you  know,   go  through  and  use  it? 

A  No,  sir. 

Q  So  that  was  never  done? 

A  No,  sir. 

Q  As  the  brigade  IAM,    I  imagine  you  would 

know  this  but  did  Colonel  Miller  ever  come  to  you  and 
say  I  want  to  authorize  mIRC  chat  on  my  D6— A  computers? 

A  No,  sir. 

Q  Did  he  ever  say,   hey,   we  need  to  put 

together  a  letter  that  says,  I  know  mIRC  chat  is  not 
part  of  the  baseline  program  for  D6— A,   but  I  want  to 
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take  on  the  responsibility  of  getting  it  on  my  D6— A 
computers  because  it's  mission  essential? 

A  Sir,    I  was  not  involved  with  D6— A 

configurations  or  management  at  all  so  if  that  were  the 
case,    I  would  have  not  been  able  to  comply  with  his 
request.     But  no,   he  did  not,   never  asked  me  for  that. 

Q  And  being  a  staff  officer  myself  at 

different  times,    I  imagine  if  the  brigade  commander 
wanted  to  do  something,   he  would  first  go  to  you,  his 
staff  officer,   who  is  basically  in  charge  of  that  type 
of  stuff  to  talk  to  you  about  it? 

A  Most  likely  he  would  have  gone  to  my 

supervisor  first,  sir. 

Q  That  would  be  Major  Morrow? 

A  Yes,  sir. 

Q  And  I  imagine  that  that  would  be  batted 

around  with  you  then  at  some  point? 
A  Yes. 

Q  Do  you  recall  at  any  point  Colonel  Miller 

talking  about  adding  mIRC  chat  to  D6— A  computers? 
A  No,  sir. 
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Q  Now,   whenever  you  saw  music,   movies  and 

executable  files  on  the  T— drive,   you  would  remove  it, 
correct? 

A  I  would;   yes,  sir. 

Q  And  everyone,   even  though  you  deleted  these 

files,   they  would  come  back  into  the  T— Drive? 
A  Yes,  sir. 

Q  So  users  would  add  it  back  onto  the 

T-Drive? 

A  Yes,  sir. 

Q  And  I'm  correct  then  this  was  not  something 

that  was  leftover  from  the  previous  brigade  3A2? 
A  I  may  have  been. 

Q  When  it  was  deleted  and  put  back  on 

obviously  3A2  wouldn ' t  put  it  back  on? 

A  No,   but  it  still  may  have  been  remnants 

from  3A2  if  it  was  a  local  machine  and  they  were  copied 
from  a  local  machine  or  if  they  were  copying  it  to  a  CD 
and  moving  it  back ;   but  no ,    3A2  did  not . 

Q  When  it  got  back  into  the  T— drive,   that  was 

from  somebody  in  your  brigade? 
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A  You  could  make  that  assumption;   yes,  sir. 

Q  Would  you  make  that  assumption? 

A  I  would,  sir. 

Q  Now,   you  alerted  your  command  to  the 

presence  of  unauthorized  media  on  the  T— drive? 
A  I  did. 

Q  You  notified  your  immediate  supervisor, 

Major  Morrow? 

A  Yes,  sir. 

Q  You  also  notified  Lieutenant  Kearns? 

A  Through  Major  Morrow. 

Q  You  told  them  about  the  presence  of 

unauthorized  media  on  the  T— drive? 
A  I  did. 

Q  You  told  them  about  the  practice  of  placing 

the  unauthorized  media  on  the  T— drive  and  it  needed  to 
stop? 

A  I  did.     And  I  also  explained  the  reasons 

why . 

Q  That  was  because  you  viewed  it  as  an 

information  assurance  threat? 
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A  Yes,  sir. 

Q  And  to  your  knowledge,   nothing  was  done  by 

the  chain  of  command  to  act  upon  what  you  said? 

A  The  command  agreed  that  the  practice  needed 

to  stop . 

Q  But  nothing  was  done? 

A  I  don ' t  know  that  they  did  or  did  not  take 

any  actions  on  it .      I   just  know  that  the  practice 
didn ' t  stop . 

Q  You  know  what? 

A  That  the  practice  of  putting  information  on 

there  didn ' t  stop . 

Q  And  in  fact  it  didn ' t  stop  until  you 

unplugged  the  network  to  redeploy? 

A  That  would  be  about  the  time;   yes,  sir. 

Q  To  your  knowledge,   was  there  ever  anyone 

punished  for  placing  unauthorized  media  on  the  T— drive? 

A  Not  that  I  know  of,  sir. 

Q  If  a  member  of  the  brigade  came  to  you  and 

said  Captain  Cherepko,  I've  got  a  mission  essential 
program  that  I  need  to  install  on  my  computer,  what 
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would  be  the  process  for  you  to  get  that  done? 

A  It  depends  on  the  software  and  whether  I 

have  it,   it's  authorized,   and  I  have  a  license  allowing 
me  to  legally  use  it,   if  I  have  approval,   the  software 
and  a  license,   then  I  would  just  install  it. 

If  I  did  not  have  one  of  those  things,  I 
would  then  investigate  the  process  of  obtaining  one  of 
those  three,   the  missing  piece  of  the  puzzle. 

Q  And  have  you  ever  had  a  situation  where  you 

had  to  go  through  that  approval  process  of  trying  to 
find  the  — 

A  Yes,  sir. 

Q  —  approval? 

A  Oh,  approval? 

Q  Correct.      Something  that  you  didn't  already 

have  approval  for? 

A  No,    sir;    only  I  didn't  have  a  license  so  I 

had  to  purchase  it . 

Q  And  do  you  even  know  the  process  of  how 

that  would  happen  if  you  didn ' t  have  a  license  for  it 
and  there  was  not  approval  for  it? 
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A  If  I  didn't  have  a  license,    I  would  simply 

go  to  the  S4  and  begin  the  process  to  purchase  one.  If 
I  didn't  have  approval,    I  would  call  up  the  G6  division 
and  begin  the  process  required  to  obtain  approval  to 
use  the  software . 

Q  I  don ' t  want  to  go  through  the  whole 

process,   is  that  a  long  process? 

A  It's  not  short;   yes,  sir. 

Q  Have  you  ever  successfully  gone  through  the 

process  where  you  went  through  the  G6? 
A  I  have  not . 

Q  Have  you  ever  heard  of  anyone  going  through 

the  process  to  get  approval  through  the  G6? 

A  Not  personally.     I  can  assume  that  it  has 

happened  because  there  are  hundreds  of  programs  that 
are  approved.     I  don't  know  of  anyone  who  has  actually 
done  it . 

Q  Okay.     Now,   with  regards  to  the  IAM 

program,    I  think  we  understand  that  only  an  administer 
can  actually  add  the  program,  right? 

A  Yes. 
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Q  But  with  a  executable  file,   were  you  aware 

whether  or  not  soldiers  were  adding  executable  files  to 
the  desktop  of  their  computer? 

A  I  was  not .     Other  than  games  that  I  was 

find  on  the  T— drive,   no,    I  was  not  aware  of  any  other 
executable  files . 

Q  When  you  say  games,   games  would  function 

much  like  Wget  or  any  other  executable  file  that  once 
you  click  on  it,   it  actually  starts  to  run? 

A  Not  all ,   but  most . 

Q  So  some  games  would  function  the  same  way 

as  Wget  would? 

A  Some  would. 

Q  Were  you  aware  of  whether  or  not  anyone  in 

the  unit,   soldiers  in  the  unit,   believed  that  they 
could  add  games,   music,   executable  files,   like,  they 
were  given  approval  to  do  that? 

A  No,    sir.     Everyone  signed  the  document  that 

said  they  would  not  add  software  or  change  the 
baseline .     And  beyond  that ,   no  one  that  I  know  ever 
told  them  that  they  were  and  none  of  the  officers  or 
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NCOs  that  I  knew  personally  thought  that  it  was 
acceptable . 

Q  But  am  I  correct  in  saying  it  wasn ' t  very 

hard  for  you  to  search  the  T— drive  and  find  executable 
files,    find  music  and  movies? 

A  No,    sir;    it  was  not. 

Q  Pretty  much  any  day  you  wanted  to,  you 

could  go  look  and  you  would  find  it? 
A  More  or  less;   yes,  sir. 

Q  And  even  though  that  was  the  case,   to  your 

knowledge  that  stuff  never  came  off  of  the  T— drive,  the 
music,   movies  and  games,   it  never  came  off  the  T— drive 
until  you  basically  unplugged? 

A  No,    sir.      It  would  disappear  for  short 

periods  of  time  after  I  found  it  and  deleted  it  and 
then  it  would  reappear  hours,   days,   week,  months  later. 
But  for  a  brief  period  of  time,   it  was  free  of  all 
unauthorized  media. 

Q  So  every  kind  of  soldier  and  NCO  you  knew 

understood  that  it  was  not  appropriate,  correct? 

A  Correct . 
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Q  Did  you  ever  get  to  the  bottom  of  who  was 

adding  all  this  stuff  under  the  T— drive? 

A  Whenever  I  was  able  to  identify  a  soldier 

who  was  doing,   adding  the  media,    I  would  go  to  that 
soldier,   explain  the  reasons  why  it's  a  bad  idea.  I 
would  explain  to  their  first  line  supervisor  why  it  was 
a  bad  idea  and  then  I  would  leave  it  up  to  their  chain 
of  command  to  pursue  the,   whatever  they  wanted  to  do  to 
the  soldier . 

Q  To  your  knowledge,   was  anything  ever  done 

by  the  chain  of  command? 

A  Not  that  I  know  of . 

Q  Let ' s  talk  about  access  controls  on  the 

shared  drive .     Do  you  know  why  none  of  the  files  on  the 
T— drive  were  encrypted? 

A  It  was  a  secure  network .     There  was  no  need 

to  encrypt  the  files . 

Q  So  any  file  on  the  T— drive,   video  or 

otherwise,   would  be  unencrypted? 

A  Yes,    sir.     Unless  the  user  opted  to  encrypt 

the  file  for  some  reason . 
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Q  Do  you  know  why  none  of  the  information  on 

the  T— drive  was  compartmentalized? 

A  It  was,    it  was  compartmentalized  into 

folders,   but  there  was  no  restrictions  on  who  could 
access  the  folder,   if  that's  what  you  mean. 

Q  That  is  what  mean.     So,    in  other  words,  if 

I  had  access  to  the  T-drive,    I  had  access  to  everything 
on  the  T— drive? 

A  Yes,    sir.     Unless  there  was  a  restriction 

requested.      If  a  soldier  or  a  staff  officer  or  someone 
would  come  to  me  and  request  a  restriction  on  a  file  or 
folder,    I  would  initiate  that  restriction. 

An  example  I  can  give  you  the  S3  shop  did 
not  want  anyone  to  be  able  to  modify  the  long  range 
planning  calendar  so  I  put  a  restriction  that  only  one 
master  sergeant  could  edit  that  document .  Everyone 
could  view  it,   but  only  he  could  edit  it. 

If  you  asked  for  it,    I  gave  it  to  you.  But 
I  don't  make  the  decision  on  what  you  do  and  what  the 
S3  does  and  does  not  want  restricted. 

Q  Was  that  hard  to  do,   if  you  wanted  to  put 
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restrictions  to  limit  access  to  certain  information  on 
the  T-drive,    is  that  a  difficult  thing  for  you  to  do? 

A  For  me  to  do,   no,    sir.     For  the  users,  yes. 

Q  Now,    I  want  to  talk  about  the  use  of 

executable  files  on  the  desktop  of  a  computer. 

A  Okay,  sir. 

Q  We  established  that  you  don ' t  need  admin . 

rights  to  do  that .  But  from  your  position  as  the  IAM 
could  computers  be  configured  to  where  that  would  not 
be  a  process  that  you  could  do,  that  you  couldn't  put 
an  executable  file  on  the  desktop  of  a  computer? 

A  There  are  systems  that  exist  that  would 

alert  you,   not  the  user,   but  would  alert  the 
administrators  to  the  use  of  executable  files  and  would 
not  allow  them  to  run,  yes. 

Q  I  know  you  weren't  in  control  of  the  D6— A, 

but  for  your  computers,   if  you  wanted  to,   and  say  for 
any  S6  computer  we  want  to  make  sure  no  executable 
files  are  run,   could  you  have  prevented  that  from 
happening? 

A  No,  sir. 
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Q  Why  not? 

A  I  did  not  have  the  system  that  the  Army  has 

purchased  to  prevent  those  types  of  events  from 
occurring. 

Q  So  it  was  a  resource  thing  for  you? 

A  Yes,    sir.      I  had  not  been  issued,  HPSS 

system  that  does  that . 

Q  But  that  was  possible,   if  you  got  resource 

of  that  system  you  could  prevent  somebody  from  using 
executable  file;   is  that  correct? 

A  More  or  less .      It  would  be  possible  if  I 

was  given  the  system  and  we  had  the  training  and  the 
understanding  to  properly  employ  the  system. 

Q  Okay.     Let's  talk  about  access  controls  on 

the  SIPRNET.     All  right? 

A  Sure,  sir. 

Q  Other  than  information  that  might  be 

password  protected,   were  there  any  access  controls  on 
the  SIPRNET  that  you're  aware  of? 

A  I'm  not  sure  what  you  mean,  sir. 

Q  If  I  had  SIPRNET  access  like  I  was  a  person 
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who  had  the  clearance,   had  a  computer  hooked  up  to  the 
SIPRNET,   was  there  any  limitation  on  what  I  could  go 
see  on  SIPRNET? 

A  Yes,  sir. 

Q  And  what  was  that  limitation? 

A  There  are  probably  hundreds,    if  not 

thousands  of  locations  on  SIPRNET  that  you  would  not  be 
able  to  go  to. 

Q  Because  of  why? 

A  Being  a  member  of  the  2nd  Brigade,  10th 

Mountain  you  had,   your  authorization  were  based  on 
being  a  member  of  my  domain.     As  a  member  of  my  domain, 
you  could  not  go  to  the,   you  know,   M  and  D  north  sites 
or  their  shared  drive  or  shared  point  portal  and  access 
anything  because  I  did  not  have  a  trust  relationship 
configured  in  my  extractor  that  allowed  us  to  share 
information,   that  sort  of  matter. 

You  could  not  go  to  Afghanistan  site  shared 
drive  or  any  location  and  pull  information  unless  we 
had  a  trust  established.     Or,   if  they  had  that 
alternate  distance  site  configured  in  such  a  manner 
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that  you  did  not  require  verification  of  your 
authenticity . 

Q  I  want  to  break  it  down.      If  I'm 

understanding  you  right .      I  could  go  on  at  a  SIPRNET 
computer  on  your  domain,    I  could  go  to  any  place  that 
you  had  a  trust  relationship  with? 

A  Inside  my  domain  you  could  go  to  any,  you 

can  go  to  SharePoint  portal.  You  could  go  to,  you  can 
go  to  the  T— drive .  You  can  go  to  any  of  the  locations 
we  had  that  were  available  to  general  users . 

We  had  some  locations  that  were  completely 
restricted  to  administrators  that  no  one  had  rights  to 
but  myself,   my  NCO,   warrants  and  a  few  other  guys. 

But  as  a  general  user,   you  could  go  to 
anywhere  within  my  brigade  that  was  not  specifically 
prohibited. 

Q  And  — 

A  Outside  of  the  domain,   outside  of  the 

brigade  we'll  say,  you  could  not  go  to  1st  Brigade  3rd 
ID,  you  could  not  type  in  their  address  in  the  URL  bar 
and  bring  up  their  site  and  access  any  information 
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unless  they  specifically  configured  their  systems  to 
allow  visitors .      If  you  allow  visitors  then  anyone  can 
have  access  to  what  you  give  visitors  access  to. 

And  that  goes  for  every  other  unit  on 
SIPRNET  in  the  world. 

However,   my  brigade,   because  we  work 
closely  with  certain  units,   we  had  a  trust  established, 
which  means  I  trust  all  of  their  users,   meet  the 
requirements,   they  trust  all  my  nets,   that's  the 
general  term.     The  trust  is  actually  the  connections 
that  allows  anyone  in  their  domain  access  to  mine  and 
allows  anyone  in  mine  access  to  the  far  domain. 

We  had  trust  established  with  several  of 
the  other  brigades  in  the  M  and  DB  area  and  with 
multinational  brigade  and  because  we  had  Corp.  level 
assets  on  my  network  that  I  managed  with  MNFI . 

Q  So  if  I  could  access  something  on  SIPRNET 

on  your  domain  then  if  I  could  access  it,    I  was 
permitted  to  go  there? 

A  I  think  you  have  that  backwards,  sir. 

Q  Based  upon  what  you  said,   everything  you 
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said  — 

A  If  you  had  access  and  it  was  not 

specifically  restricted,   you  had  the  ability  to  go 
there .     You  may  not  have  had  the  authority  to  go  there . 
Having  the  ability  to  go  somewhere  doesn ' t  mean  you 
have  the  need  to  know  or  the  authority  to  go  there . 
But  you  have  the  ability  to  go  there  and  view,  edit, 
remove  documents . 

Q  All  right .     So  I ' 11  try  to  simplify  it . 

A  Okay.     Sorry,    it's  very  complex. 

Q  I'm  trying  to  make  it  easy. 

If  I  go,    if  I  can  go  on  the  SIPRNET 
computer,    if  I  can  go  to  a  place  on  your  domain,   then  I 
have  at  least  access  to  it,   access  to  go  there, 
correct? 

A  You  have  the  —  there ' s  no  technical 

restriction  preventing  you  to  go  to  Captain  Tom 
Cherepko ' s  folder,   view,   edit,   remove  documents. 

Q  Then  there  is  the  separate  thing  you  talked 

about  that  you  might  have  access  but,   and  ability  to  go 
there,   but  maybe  not  the  authority  to  go  there,  is 
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that  — 

A  Yes,    sir.     For  example,    I  have  the  ability 

as  administrator  to  go  anywhere .     But  I  have  no  need  to 
go  to  the  medical  officer ' s  file  and  view  people ' s 
medical  records .     I  have  no  real  need  to  do  that  and  no 
authority  to  do  that . 

Q  And  were  you  aware  of  whether  or  not 

all-source  analysts  were  basically  told  they  could  look 
at  anything  they  wanted  to  that  they  had  access  to? 

A  I  don't  know  what  they  were  told,  sir. 

Q  So  that  would  be  a  no  then? 

A  No. 

Q  And  when  you  say  the  ability  and  the 

authorization,   if  you  had  the  ability  to  go  there 
because  of  your  domain  allowing  you  to  go  there  and  you 
had  the  authorization  from  your  supervisors  to  go 
there,   were  there  any  other  restrictions  on  access? 

A  There  were  no  technical  restrictions  that 

we  did  not  apply .     There  was  no  — 

If  your  supervisor  told  you  to  go  into  the 
S4  folder  and  find  how  much  fuel  the  brigade  uses  in  a 
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three— month  period  and  you  worked  in  the  medical 
company,   you  could  do  it. 

Q  With  regards  to  the  stuff  that  PFC  Manning 

had  access  to,   did  he  have  to  gain  access  to  that 
information  on  the  SIPRNET  by  hacking  anything? 

A  Inside  my  domain  or  outside  my  domain? 

Q  Inside  your  domain. 

A  I  would  say  no,  sir. 

Q  Did  he  need  to  break  any  encryption  or 

anything  to  get  access  to  anything  that  was  inside  your 
domain? 

A  No,  sir. 

Q  Did  he  need  to  circumvent  anything  to  get 

access  to  something  that  was  inside  your  domain? 

A  He  would  have  needed  to  circumvent  nothing 

technical . 

Q  So  maybe  the  only  restrictions  might  be  if 

he  had  authorization  from  a  supervisor  to  go,  using 
your  example,    if  I'm  in  the  medical  area,    I  might  not 
have  a  reason  to  go  to  S4C  or  fuel  consumption  for  the 
brigade  so  even  though  I  have  access  to  it,    I  might  not 
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have  the  authority  to  go  there  unless  my  boss  said,  you 
know  what,    it's  important  to  me,    find  out  how  much  fuel 
we ' re  using,   we  want  to  tell  them  how  much  medical 
needs? 

A  That  would  be  a  fair  assessment;   yes,  sir. 

Q  Now,    I  want  to  ask  you  about  being  the  I AM 

and,   as  far  as  going  to  the  brigade,   was  this  your 
first  duty  assignment  as  an  IAM? 

A  Yes,  sir. 

Q  And  my  understanding  is  you  basically,  was 

this  your  first  brigade  automations  officer  position  as 
well? 

A  It  was,    sir.      It  was  my  first  duty  position 

out  of  the  schoolhouse . 

Q  And  at  the  time  that  you  got  there,  were 

you  aware  that  the  IAM  was  responsible  for  verifying 
that  all  computers  under  their  oversight  were  properly 
certified  and  accredited? 

A  I  was  not,  sir. 

Q  And  as  part  of  that  process  were  you  aware 

that  you  had  to  submit  what's  called  a  DIACAPP  package? 
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A 


I  was  not,  sir. 


Q 


And  my  understanding  that ' s  a 


Department  of 


Defense  Information  Assurance  Certification  and 


Accreditation  Process  Packet;    is  that  right? 


A 


Sounds  about  right,  sir. 


Q 


Your  brigade  was  required  to  basically 


submit  one  of  those  packages,    correct,   the  DIACAPP 
package? 

THE  COURT:     What  is  it? 

MR.   COOMBS:     Delta,    India,   Alpha,  Charlie, 

Alpha,  PaPa. 

Q  Did  your  brigade  submit  the  required 

DIACAPP  package? 

A  Not  that  I  know  of  sir . 

Q  And  that  DIACAPP  package  was  basically 

designed,  supposed  to  be  designed  to  ensure  that  there 
was  a  disciplined  method  for  information  assurance? 

A  Sir,   the  systems  that  we  had  in  place  at 

FOB  Hammer  were  relatively  new  to  the  brigade  before 
they  deployed  and  certification  and  accreditation  is 
valid  for  three  years  so  there  would  have  been  no  need 
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to  submit  one  at  that  point . 

Q  Are  you  aware  of  whether  or  not  somebody 

higher  than  your  brigade  disagreed  with  that 
determination  you  just  made? 

A  I  am,  sir. 

Q  And  did  they  disagree  with  that 

determination? 

A  They  did,  sir. 

Q  And  so  the  DIACAPP  package,    going  back  to 

my  question,   that  was  supposed  to  ensure  a,   basically  a 
discipline  method  for  information  assurance  within  the 
brigade? 

A  It  is  the  paperwork  showing  that  the 

security  implementations  that  are  required  that  I  had 
in  place  were  in  place . 

Q  To  ensure  basically  a  discipline 

information  assurance  environment? 

A  It ' s  the  paperwork  that   just  shows  that 

what ' s  required  to  be  in  place  is  in  place . 

Q  And  I'm  sorry,    I  don't  mean  to  be  aloof, 

I'm  trying  to  get  an  answer  to  this  part  that  that 
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process  then  is  to  ensure  that  you  have  a  discipline 
information  assurance  environment.     That  you're  doing 
everything  you're  supposed  to? 

A  I'm  not  sure  what  the  regulation  or 

textbook  answer  is,    sir,   but  the  purpose  of  it  is  to 
validate  that  all  of  the  requirements  I  have  done. 

Q  And  those  requirements,   what's  the  purpose 

for  those  requirements? 

A  To  provide  security  for  the  network . 

Q  Thank  you. 

MR.   COOMBS:     No  further  questions. 
MR.   WHYTE:     One  minute,   Your  Honor. 
THE  COURT:  Yes. 

REDIRECT  EXAMINATION  BY  MR.  WHYTE: 
Q  Captain  Cherepko,   you  said  you  monitored 

the  network  to  see  if  there  were  any  movies,   music  and 

games  on  the  computer? 

A  I  did,   sir,   for  the  most  part  I  delegated 

to  IANCO  but  occasionally  I  did  it  personally. 

Q  How  often  would  you  search  the  network  for 

unauthorized  programs? 
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A 


Personally? 


Q 


Yes. 


A 


When  I  had  free  time . 


Q 


So  not  every  day? 


A 


No,   not  every  day. 


Q 


Why  not? 


A 


Because  I  had  a  —  I  had  an  IANCO  who 


performed  the  task  and  more  importantly  everyone  on  the 
network  had  a  security  clearance  and  signed  the 
agreement  that  they  wouldn't  do  unauthorized  things  so 
I  didn ' t  feel  the  need  to  search  every  moment  of  every 
waking  day . 

Q  Why  is  that? 

A  Because  everyone  was  trusted  to  do  what 

they  said  they  would  do. 

Q  So  defense  on  cross  asked  you  about 

accreditation  for  the  network? 

A  Yes,  sir. 

Q  If  the  network  were  actually  accredited  — 

A  I  believe  it  was,  sir. 

Q  —  okay,   what  would  prevent  a  soldier  from 
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actually  burning  classified  information  from  the 
network? 

A  The  accreditation  is  paperwork,    sir,  that 

stops  someone  from  doing  nothing. 

Q  What  about  leaving  the  SCIF,    for  instance, 

with  classified  information? 

A  That  would  not  prevent  it;   no,  sir. 

MR.   WHYTE :     No  more  questions,   Your  Honor. 
MR .   COOMBS :     Nothing  for  me ,   ma ' am . 
THE  COURT :      I  have  a  couple  of  questions . 
EXAMINATION  BY  THE  COURT: 
Q  With  respect  to  the  movies  and  the  games 

that  you  talked  about  that  were  on  the  T-drive,  do  you 
remember  were  they  on  there  when  you  arrived,  at  least 
were  some  of  them  on  there  from  prior  units? 

A  They  were .     The  T— drive  had  been  inherited 

from  several  previous  units  over  several  years  and  they 
were  there  from  the  day  we  arrived.     You  could  go 
almost  to  any  folder  from  the  Brigade  2nd  Airborne  and 
find  funny  movie  clips,  music. 

Q  You  testified  that  those  were  unauthorized 
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programs  and  files  on  the  —  would  you  consider  a  game 
or  music,   were  they  programs? 

A  The  movies  and  music  are  media  that  require 

a  program  to  operate.     Unless  they've  been  tampered  by 
people  with  mal  intent  to  do  executable  things  in  the 
background  and  that ' s  the  main  security  threat  for 
them.     They  can  be  modified  to  do  security  violations 
that  you  don ' t  know  about . 

Q  The  T— drive,    did  the  network  contain  a 

program  to  operate  them? 

A  The  movies? 

Q  Yes. 

A  Yes,  ma'am. 

Q  And  the  music  as  well? 

A  Yes,   ma'am.     The  Microsoft  Windows  media 

player  would  play  movies  and  the  music . 

Q  What  about  the  games? 

A  The  games  were  either  independent 

executable  files  or  they  were  scripts  written  inside  of 
Excel  spreadsheets  or  Word  documents .     Those  sorts  of 
programs  that  would  run  those . 
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But  the  majority  of  them  were  independent, 
executable  files  that  required  nothing  but  the  one  file 
that  you  would  double  click  on  and  run . 

Q  You  testified  earlier  that  you  would  go  to 

the  T— drive  and  remove  the  music  and  the  games  and  the 
things  that  were  unauthorized.     Other  than  yourself, 
was  there  —  you  said  they  kept  reappearing,   was  there 
in  your  opinion  a  command  laxity  about  enforcing  this? 

A  In  my  opinion ,   ma ' am? 

Q  Yes. 

A  More  or  less,  yes. 

You  know,   we  alerted  the  command  to  the 
presence  of  it .     The  reasons  for  why  it  is  unacceptable 
for  being  there,   both  regulatory  and  security-wise,  why 
they're  not  allowed  to  be  there,   but  yet  they  continued 
to  appear . 

I  tried  to  use  the  analogy  they  are  a 
information  security  negligent  discharge .     While  you 
may  assume  that  firing  a  weapon  into  a  barrel  doesn't 
hurt  anyone,   you  never  know. 

Q  Did  anyone  in  the  chain  of  command  tell  or 
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indicate  to  you  why  they  were  sort  of  letting  this  go? 
A  No ,   ma ' am . 

THE  COURT:     Any  followup  based  on  that? 
MR.   COOMBS:     The  defense  rests,  ma'am. 
MR.   WHYTE:     Maybe  two  questions,  Your 

Honor . 

THE  COURT:     That's  fine. 

CONTINUED  REDIRECT  EXAMINATION  BY  MR.  WHYTE: 

Q  Captain  Cherepko,   were  you  aware  of  any 

freeware  on  the  network,   a  freeware?     You  testified 
earlier  that  freeware  was  specifically  prohibited  under 
25—2,   were  you  aware  of  any  freeware  on  your  network? 

A  One  could  make  the  argument  that  the  games 

they  found  were  freeware . 

Q  Did  you  find  with  looking  through  the 

network  in  the  unauthorized  executable  files  outside  of 
games? 

A  No,   no,  sir. 

Q  Did  you  notify  the  command  of  anything 

other  than  music,   games,   movies  on  the  network? 

A  On  the  network?     Just  general  I A  violations 
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that  I  found.     An  example  is  one  of  the  FOB'S  we  had  an 
Iraqi  Army  unit  and  they  tried  to  splice  into  my  fiber 
with  copper,   which  would  never  work,   but  it's  still  an 
IA  violation.     So  I  alerted  them  to  that  as  well. 

Every  IA  violation  I  found  I  reported  to 

the  command . 

MR.   WHYTE:     Thank  you. 

MR.   COOMBS:     Just  a  couple  questions  based 

upon  that . 

CONTINUED  RECROSS  EXAMINATION  BY  MR.  COOMBS: 
Q  Were  you  looking  for  executable  files  on 

the  T-drive? 

A  Yes,  sir. 

Q  And  how  were  you  looking  for  them? 

A  I  would  do  a  search  for  all  files  that  end 

in  dot  EXE,    dot  VAT,    dot  VBS,    all  the  types  of 
executable  files . 

Q  Are  you  familiar  with  media  player  VLC? 

A  I  am. 

Q  Did  you  find  that  on  the  T-drive? 

A  Yes,  sir. 
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Q  And  was  that  an  authorized  media  player? 

A  I  believe  it  was;   yes,  sir. 

Q  What  do  you  base  that  on? 

A  I  recall,    I  believe  I  recall  looking  to 

find  out  if  it  was  authorized  because  it  was  there  and 
people  were  wanting  to  use  it .     And  they  were  wanting 
to  upgrade  to  the  newest  version  and  it ' s  version 
specific,  so. 

MR .   COOMBS :     Thank  you . 
THE  COURT:     Go  ahead. 
MR.   WHYTE:     One  question. 

CONTINUED  REDIRECT  EXAMINATION  BY  MR.  WHYTE: 
Q  When  you  searched  the  network  for  any 

music,   games,   would  you  actually  be  looking  at  a 
person's  desktop  as  well? 

A  No,    sir.      I  did  not  have  that  ability. 

Unless  I  walked  to  the  desk  and  looked,   but  no. 

THE  COURT:      I  don't  think  I  have  any 
further  questions.     Any  last  questions? 

MR .   COOMBS :     Carry  on . 

THE  COURT:     Temporary  or  permanent  excusal? 
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MR.   WHYTE:     Temporary,   Your  Honor. 

THE  COURT:     You're  temporarily  excused. 
Please  don't  discuss  the  case  with  anyone  other  than 
trial  counsel  or  the  accused  while  the  case  is  still 
going  on.     You  are  free  to  go. 

MR.   WHYTE:     Ma'am,   the  United  States  calls 
Mr.   Jason  Milliman. 

THE  COURT:     Are  you  all  set  to  go  without 
recess?     You  ready  to  go,   both  sides? 

MR.   COOMBS:     Defense  is  fine,   Your  Honor. 

THE  COURT:  Proceed. 

Whereupon, 

JASON  MILLIMAN, 
called  as  a  witness,   having  been  first  duly  sworn  to 
tell  the  truth,   the  whole  truth,   and  nothing  but  the 
truth,   was  examined  and  testified  as  follows: 
DIRECT  EXAMINATION  BY  MR.  WHYTE: 
Q  Your  name  is  Mr.   Jason  Milliman  from 

Charlottesville,  Virginia? 
A  Yes,  sir. 

Q  What  is  your  current  military  status? 
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A  Retired. 

Q  When  did  you  retire? 

A  August  31st  of  2005. 

Q  How  many  hours  did  you  serve  in  the 
military? 

A  21  years. 

Q  And  what  was  your  MOS  when  you  retired? 

A  33  Whiskey. 

Q  What  is  that? 

A  Electronic    (INAUDIBLE) . 

Q  Since  you  retired,   what  type  of  work  have 
you  been  involved  in? 

A  Contractor . 

Q  Have  you  deployed  as  a  contractor? 

A  Yes. 

Q  What  was  your  first  deployment  as  a 
contractor? 

A  November  of  2007. 

Q  And  how  long  was  that  deployment? 

A  Until  February  of  2009. 

Q  Where  were  you  stationed  during  this 
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deployment  ? 

A  Camp  Slayer,  Iraq. 

Q  What  were  your  responsibilities  at  Camp 

Slayer? 

A  I  was  a  main  hub  FSE  responsible  for  the 

monitoring  of  all  the  D6— A  servers  throughout  Iraq. 

Q  What  is  FSE? 

A  Field  software  engineer . 

Q  When  was  your  second  deployment  as  a 

contractor? 

A  June  of  2009. 

Q  And  how  long  was  that  deployment? 

A  18  months. 

Q  Where  were  you  stationed  during  this 

deployment  ? 

A  I  went  initially  to  JSS  Loyalty  then  to  FOB 

Hammer  and  finished  in  Camp  Ramadi . 

Q  When  did  you  arrive  at  FOB  Hammer? 

A  I  think  it  was  around  September  2009. 

Q  And  what  unit  were  you  with  when  you 

arrived  at  FOB  Hammer? 
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A  82nd. 

Q  When  82nd  redeployed,   what  unit  took  their 

place? 

A  210  Mountain. 

Q  You  were  at  FOB  Hammer  when  210  Mountain 

arrived? 

A  Yes,  sir. 

Q  Were  you  there  when  they  finally  redeployed 

back  to  Ft .  Drum? 

A  Yes,    I  was. 

Q  So  you  were  there  the  entire  time? 

A  Yes,  sir. 

Q  What  was  your  position  at  FOB  Hammer  with 

210  Mountain? 

A  It  was  a  different  type  FSE  they  called  it 

a  fly  away  FSE.     My  job  was  based  out  of  FOB  Hammer  to 
support  other  units . 

There  was  a  main  server  at  FOB  Hammer  and 
all  the  users  and  laptops .     They  were  stationed  at  — 
wherever  they  were  located,    I  fly  to  them  and  take  care 
of  their  machine  as  well . 
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Q  So  you're  responsible  for  the  D6— A 

machines? 

A  Correct . 

Q  What  is  the  purpose  of  a  D6  machine? 

A  It ' s  a  suite  of  tools  the  intelligence 

analysts  use  to  gather  the  required  data  they  need  to  I 
guess  exploit  the  intelligence . 

Q  And  what  network  were  these  D6  machines 

hooked  up  to? 

A  SIPR. 

Q  To  your  memory  how  many  D6  machines  were  at 

FOB  Hammer? 

A  Roughly  35 . 

Q  To  access  a  D6  machine,   did  you  have  to 

insert  a  Linux  operating  system? 
A  No. 

Q  Where  did  you  work  at  FOB  Hammer? 

A  In  the  SCIF. 

Q  How  do  you  know  PFC  Manning? 

A  He  was  also  in  the  SCIF. 

Q  What  did  you  know  about  PFC  Manning ' s 
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computer  skills? 

A  Only  what  I  heard,    either  him  talk  about  or 

others .     I  guess  he  had  a  computer  business  at  some 
point  and  he  made  a  few  comments  about  his  skills . 

Q  What  did  PFC  Manning  say  about  his  computer 

business? 

A  I  just  remember  at  one  point  we  talked 

about  problems  and  he  said  that  if  it  was  a  problem 
that  was  taking  too  long  for  his  liking,   he  would 
(INAUDIBLE)   his  machine  until  the  customer  couldn't  fix 
it. 

Q  What  else  do  you  know  about  PFC  Manning's 

computer  skills? 

A  He  made  a  couple  comments.     There  was  one 

comment,   there  was  no  computer  he  couldn't  hack  into, 
if  people  really  knew  what  he  would  do  with  computers, 
they  would  be  amazed. 

Q  Did  PFC  Manning  have  issues  with  his 

computer  at  FOB  Hammer? 

A  Yes,   he  did. 

Q  And  can  you  explain  what  those  issues  were? 
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A  His  co— user,   Madaras  was  his  name,  he 

approached  me  first.     He  was  the  day  shift.     Telling  me 
that  his  computer  was  acting  funny. 

MR.   COOMBS:     Objection,   Your  Honor. 

Hearsay . 

MR.   WHYTE:     Just  a    (INAUDIBLE)   to  elicit  to 
see  what  steps  he  took  in  response  to  the  computer 
problems  that  they  were  having. 

THE  COURT:     Ask  him  if  he  learned  if  there 
were  computer  problems  yes  or  no  and  what  he  did. 
BY  MR.  WHYTE: 

Q  Did  you  learn  of  computer  problems? 

A  Yes,    I  did. 

Q  What  did  you  do  in  response  to  those 

computer  problems? 

A  My  standard  steps  are  to  have  a  user 

recreate  the  problem  in  front  of  me  so  I  can  see  what 
symptoms  there  are  and  then  troubleshoot  from  that 
point . 

Q  What  were  some  of  those  troubleshooting 

tactics  that  you  employed? 
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A  Based  on  the  symptoms  that  I  was  given  I 

tried  to  see  if  there  was,   first,    fragmentation  on  the 
drive  that  may  have  caused  poor  performance  of  the 
applications  so  see  if  the  hard  dive  was  running  out  of 
space,   which  may  have  been  contributed  to  some 
fragmentations  as  well.     See  if  their  user  profiles  are 
corrupt  and  barring  all  of  that,    reimage  his  machine. 

Q  So  if  the  profile  became  corrupt,   how  would 

that  happen? 

A  A  lot  of  users  would  store  everything  they 

had  on  their  desktop  and  I  explained  to  them  it  was 
kind  of  like  snow  on  the  roof  of  your  house .     Your  roof 
is  not  meant  for  all  the  snow,   eventually  it ' s  going  to 
cave  in  and  crash.     So  they  stored  all  of  the  data  on 
the  desktop.     It  eventually  would  crash  the  profile. 

Q  What  steps  did  you  have  to  take  if  the 

profile  was  corrupt? 

A  Usually  they  couldn ' t  log  in  so  I  would 

take  another  hard  drive,   take  their  hard  drive  out  and 
put  another  one  in  the  place  that  had  a  similar 
operating  system,   everything  was  exactly  the  same . 
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Pull  the  information  from  that  hard  drive  like  a  USB 
drive,   you  would  pull  it  to  the  new  drive  and  let  them 
start  over . 

Q  Is  this  the  reimaging  process? 

A  Yes,    I'm  sorry,    I'm  nervous,   that's  the 

reimaging  process.     But  only  a  corrupt  profile,    I  can 
move  the  data  to  another  folder,   delete  the  profile, 
have  them  log  in  and  create  another  profile. 

Q  Do  you  remember  what  steps  you  took  with 

the  PFC  Manning  computer? 

A  I  do  remember  we  had  to  reimage  it  several 

times . 

Q  Can  you  explain  what  if  this,   again  for  the 

court,   what  this  reimaging  process,    literally  the 
soldier  brings  you  the  computer  and  what  did  you  do 
with  it? 

A  After  exhausting  my  other  troubleshooting 

steps,   once  I  determined  that  the  computer  had  to  be 
reimaged,    I  had  a  stack  of  spare  drives .     In  the 
interest  of  time  so  the  analyst  could  get  back  to  work, 
I  would  take  the  old  hard  drive  out  and  insert  the  new 
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hard  drive  and  configure  the  network  settings . 

Once  the  computer  was  back  up  and  running 
as  quickly  as  possible,    I  would  then  connect  the  old 
hard  drive  to  the  new  hard  drive  through  the  USB  port 
and  universal  hard  drive  adapter  and  get  the  data  that 
he  or  she  had  to  have  from  that  drive  and  transfer  it 
back  to  new  drive . 

Q  And  how  often  did  PFC  Manning  have  issues, 

and  I  think  it's  Sergeant  Madaras  as  well,   how  often 
did  they  have  issues  with  their  computers? 

A  Much  more  frequently  than  anyone  else . 

Q  Was  PFC  Manning  authorized  to  repair  the  D6 


computer? 
A 

Q 
A 

Q 
A 

Q 

computer? 
A 


No. 

Who  was  authorized? 
Just  me . 

So  did  you  actually  reimage  their  computer? 
Yes,    I  did. 

How  many  times  did  you  reimage  their 

I  don't  recall  exam  how  many  times.      I  know 
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it  was  at  least  three . 

Q  Is  that  odd? 

A  It's  odd. 

Q  Why?     Can  you  explain  why? 

A  Unless  there's  hardware  failures,   once  a 

machine  is  imaged,    it ' s  good  until  something  drastic 
happens  to  it . 

If  they  run  out  of  hard  drive  space  causing 
the  operating  system  to  crash  or  something  or,  you 
know,   if  the  hard  drive  fails  itself,   there's  no  need 
to  reimage  the  machine . 

Q  In  your  experience  how  long  did  it 

generally  take  before  it  needed  to  be  reimaged  again? 

A  Manning's  computer  or  others? 

Q  Others . 

A  In  general,   unless  there  was  a  hardware 

failure  or  something  catastrophic,    it  didn't. 

Q  When  did  PFC  Manning  and  Sergeant  Madaras 

have  computer  issues  during  the  deployment,   at  what 
stage  of  the  deployment? 

A  Shortly  after  82nd  left  I  remember  Madaras 
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approached  me  first  and  a  few  other  times  after  that 
and  relatively  short  order,  like  a  month  or  so  after 
the  previous  reimaging. 

Q  And  at  that  time  in  the  deployment,  how 

many  spare  hard  drives  did  you  have? 

A  Probably  five  or  six. 

Q  Was  that,   is  that  a  lot  or  a  little? 

A  That ' s  probably  relatively  a  lot . 

Q  Let ' s  talk  about  administrator  rights  on 

the  D6  machine.     Who  had  administrator  rights  on  the  D6 
machines? 

A  I  had  rights  and  the  mentor,   his  name  is 

Marvin  Gammage    (phonetic) .     He  was  the  mentor. 

Q  So  which  soldiers  of  210  Mountain  had 

administrator  rights? 

A  None . 

Q  Did  PFC  Manning  have  administrator  rights? 

A  No. 

Q  So  what  does  it  mean  you  were  the 

administrator  of  the  D6  machines? 

A  You  have  full  control  of  the  machine. 
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Q  So  like  what  things  can  you  do  that  an 

ordinary  user  cannot  do? 

A  If  there  was  Google  Earth  or  Microsoft 

Office  or  something  like  that  we  installed,    I  could 
install  it  with  full  rights  and  privileges  without  any 
restrictions . 

Q  So  was  PFC  Manning  authorized  to  install 

programs  on  the  D6  machine? 

A  No,   he  was  not. 

Q  What  happened  if  a  soldier  wanted  a  program 

for  his  D6  machine  but  it  wasn't  actually  on  the 
computer? 

A  He  needed,   he  or  she,   needed  to  contact  me 

and  if  it  was  an  authorized  program  that  I  was  allowed 
to  install,    I  would  install  it. 

If  I  didn't  know  if  it  was  authorized,  I 
would  contact  Camp  Slayer  lead  FSE  that  was  stationed 
at  Camp  Slayer  and  make  the  request  to  him  and  usually 
we  were  supposed  to  fill  out  an  official  software 
request  form  but  it  was  usually  done  word— of —mouth . 

They  were  determined  at  Camp  Slayer  if  it 
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was  authorized  and  if  it  was  they  would  tell  me  to  load 
it;   if  it  was  not,    I  couldn't  load  it. 

Q  When  you  were  at  FOB  Hammer,   were  familiar 

with  Wget? 

A  No. 

Q  When  you  were  at  FOB  Hammer,    did  any 

soldier  request  permission  to  put  Wget  on  their 
computer? 

A  I  do  not  recall  anyone  asking  for  it . 

Q  At  FOB  Hammer  did  you  install  Wget  on  any 

D6  computer? 

A  Not  that  I  can  recall . 

Q  Are  you  familiar  with  what  an  executable 

file  is? 

A  I  believe  I  am,   yes . 

Q  What  is  an  executable  file? 

A  An  executable  file  is  something  that  runs 

on  its  own.      It  doesn't  require  other  files  to  operate, 
I  guess . 

Q  Are  you  familiar  with  the  installation 

process  for  an  executable  file? 
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A  Relatively,  yes. 

Q  What  is  that  process  generally? 

A  Normally  it  will  have  some  sort  of 

interactive  GUI  telling  you  to  do  a  certain  process  of 
steps  to  install  it.     Normally  for,    like,  Microsoft 
Office  or  something,   you  would  make  modifications  to 
system  files  or  registry,   that  kind  of  thing. 

Q  Is  Microsoft  Office  an  executable  file 

itself  is  an  executable  file? 

A  I  don ' t  know  that  I  know  the  correct  answer 

to  that.     I'm  just  using  that  as  an  example  to  make 
modifications  to  a  file. 

Q  So  could  a  soldier  put  an  executable  file 

on  their  D6  machine? 

A  They  could,   but  they  wouldn ' t  be 

authorized. 

Q  Who  was  authorized  to  put  executable  files 

on  the  D6  machines? 

A  Just  me  or  other  FSEs . 

Q  How  would  using  an  executable  file  allow  a 

user  to  circumvent  and  he  would  actually  contact  you? 
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A  Can  you  say  that  again? 

Q  How  would  using  an  executable  file 

circumvent  the  need  to  come  to  you,   the  administrator? 

A  If  I  understand  the  question  correctly,  a 

user  could  install  the  executable  file  on  the  desktop 
without  coming  to  me  even  though  it  wouldn ' t  be 
authorized? 

Q  When  you  were  at  FOB  Hammer,   was  Wget  an 

authorized  executable  file? 

A  I  don't  recall  but  I  don't  believe  so. 

Q  Do  you  know  if  PFC  Manning  had  Wget  on  his 

computer? 

A  I  do  not  know. 

Q  You  testified  earlier  that  you  were,  you 

were  responsible  for  the  D6  machines? 
A  Correct . 

Q  How  did  you  not  know  if  PFC  Manning  had  a 

program  on  his  computer? 

A  I  didn ' t  go  behind  ever  user  on  a  daily 

basis  to  find  out  if  they  had  installed  something.  It 
was  understood  or  I  thought  it  was  understood  that 
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we ' re  all  in  a  position  of  trust  so  that  was  not 
something  that  was  normally  done . 

MR.   WHYTE :     No  more  questions,   Your  Honor. 
THE  COURT:  Cross-examination? 
MR.   COOMBS:     Yes,   Your  Honor. 
CROSS-EXAMINATION  BY  MR.  COOMBS: 
Q  Mr.   Milliman,   how  are  you? 

A  Good,   how  are  you? 

Q  Just  a  few  questions  for  you . 

I  want  to  talk  about  some  problems  that  the 
D6— A  computer  had  due  to  the  environment,   okay.  Is 
that  all  right? 

A  Yes,  sir. 

Q  Now,   heat  was  a  major  problems  for  the  D6— A 

computers,  correct? 

A  In  the  beginning  it  was .     But  we  overcame 

that  with  some  creative  methods  like  using  Gatorade 
bottle  caps  to  elevate  it  off  the  desktops  to  get  more 
air  flow  in  there . 

Q  And  the  D6— A  they  would  run  hot  even  if 

they  were  in  an  air  conditioned  room  so  you  had  to  do 
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those  kind  of  creative  steps? 
A  Correct . 

Q  And  in  addition  to  heat,   the  dust  from 

being  in  the  desert  was  a  problem  for  the  D6— A 
computers? 

A  Correct.      It  was,   very  frequently  it  was, 

it  was  required  to  frequently  use  cans  of  air  to  blow 
the  dust  out  of  the  machines . 

Q  That ' s  what  I  was  going  to  ask .     You  would 

go  around  behind  them  and  you  would  spray  the 
computers,   basically  to  blow  out  the  dust? 

A  A  lot  of  cans  of  air;   yes,  sir. 

Q  Now,   the  computers  still,    in  spite  of  doing 

these  things,   the  creative  put  a  bottle  cap  underneath 
or  blow  the  dust,   they  would  occasionally  crash? 

A  Occasionally. 

Q  And  with  regards  to  the  D6-A  computers, 

from  your  experience,   there  was  usually  always  at  least 
two  users  on  each  D6— A  computer;    is  that  right? 

A  For  the  most  part,    I  believe  that's  true. 

Q  Now,   the  D6-A  computers,   at  least  from  the 
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users  profiles,  those  could  be  corrupt  if  one  or  both 
of  the  users  were  storing  a  lot  of  information  on  the 
desktop? 

A  If  one  of  the  two  users  stored  a  lot  of 

information  on  the  desktop  only  their  profile  would  be 
corrupt . 

Q  Yeah,    I  think  you  used  an  example  of,  like, 

you  know,    snow  — 
A  Right . 

Q  —  basically  piling  up  on  top  of  your  roof 

and  caves  in  because  of  the  weight? 
A  Correct . 

Q  So  if  one  or  both  of  the  users  were  storing 

a  lot  on  the  desktop,   one  or  both  of  the  user  profiles 
would  become  corrupt? 

A  One  user  couldn ' t  make  another  user ' s 

profile  become  corrupt  because  of  what  they  did  to 
their  profile. 

Q  So  it  would  only  be  the  user  profile  that 

had  too  much  information  that  would  be  corrupt? 

A  Correct . 
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Q  You  talked  about  Madaras  coming  to  you 

complaining  about  his  computer  that  he  shared  with  PFC 
Manning.      It  was  Madaras  coming  to  you  to  complain 
about  the  computer,  correct? 

A  Correct .     He  was  the  first  one  I  saw 

because  he  was  on  day  shift . 

Q  It  wasn ' t  PFC  Manning  coming  to  you  to 

complain  about  the  computer? 

A  I  don ' t  recall  him  —  he  could  have 

complained  but  I  don ' t  recall .     I  just  remember  Madaras 
because  he  was  the  first  one  I  saw  in  the  morning, 
that's  how  it  started. 

Q  And  I  guess  you  said  sometimes  you  had  to 

reimage  based  upon  the  problems  that  you  encountered? 

A  Correct . 

Q  Did  you  have  to  reimage  the  computer  of  PFC 

Manning  and  Sergeant  Madaras? 
A  Yes. 

Q  And  again,   that  was  based  upon  Sergeant 

Madaras  coming  to  you  saying  I ' ve  got  problems  with 
this  computer? 
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A  The  reimaging  was  based  on  my 

troubleshooting,   my  diagnosis  of  what  was  the  other 
steps  that  had  failed  to  correct  the  problem. 

Q  What  precipitated  the  other  steps  was 

Madaras  coming  to  you,   not  PFC  Manning? 

A  I  believe  so. 

Q  Now,   whenever  you  would  try  to  fix  a 

computer  that  crashed,   sometimes  you  would  retrieve 
information,  correct? 

A  You  mean  take  their  information  that  they 

wanted  to  save  and  save  it  somewhere  else? 

Q  Maybe  that's  a  bad  question. 

If  a  computer  crashed,    sometimes  you  could 
save  all  the  information  and  sometimes  you  couldn't;  is 
that  right? 

A  Sometimes  I  could  save  the  user ' s  data  and 

sometimes  I  couldn't,  correct. 

Q  Okay.     When  you  were  looking  I  guess  at 

Sergeant  Madaras  and  PFC  Manning's  computer,  did  you 
ever  look  to  see  what  they  had  on  their  desktop  that 
was  causing  the  problems? 
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A  Well,   it's  not  always  the  desktop  that  is 

the  problem,   but  I  would  usually,   the  standard 
operating  procedure  I  guess  you  call  it,    I  would  see, 
being  the  size  of  the  desktop,   if  they  had  a  large 
amount  of  data  I  would  say,   hey,   you  need  to  move  that 
to  My  Documents  folder.     Otherwise  you're  going  to  have 
a  profile  crash. 

I  would  see  if  the  hard  drive  is 
fragmented.     I  would  see  if  they  were  running  out  of 
hard  drive  space . 

And  if  those  things  all  seemed  in  order  and 
I  couldn ' t  find  another  way  to  fix  the  problem,    I  would 
give  them  an  opportunity.     I  could  tell  them  I  can 
delete  your  profile  and  recreate  a  new  one  or  I  can 
reimage  your  machine .     And  usually  they  would  just  opt 
to  have  the  machine  reimaged  and  skip  that  step. 

Q  At  least  the  time  that  you  reimaged  the 

computers  from  your  memory,    I  know  it's  been  a  while, 
but  from  your  memory  it  was  Madaras  asking  you  to 
reimage  the  computers  and  not  PFC  Manning? 

A  I  don't  know  100  percent  who  requested  but 
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I  would  say  probably  Madaras . 

Q  Okay.      I  want  to  ask  you  a  few  questions 

about  adding  software  to  the  D6-A  computer.     All  right? 

A  Sure . 

Q  And  I  believe  you  said  on  direct  that  you 

were  the  only  one  authorized  to  do  that? 
A  Correct . 

Q  So  if  somebody  wanted  something  they  would 

come  to  you  and  say  Mr.  Milliman,    could  I  please  add  or 
could  you  add  this  software  onto  my  D6-A  computer? 

A  Correct . 

Q  And  they  would  do  that  because  you  were  the 

only  one  in  addition  to  another  civilian  that  had 
administrator  rights  on  those  D6— A  computers? 

A  Correct . 

Q  If  you  were  asked  to  put  a  program  onto  the 

D6-A  computer  could  you  tell  us  what  the  process  was 
that  you  would  go  through  in  order  to  determine  that 
yes,    I  will  do  that,   or,   no,    I  won't  do  that? 

A  If  a  user  approached  me  requesting  a 

program  to  be  loaded  onto  the  D6-A  that  wasn't  part  of 
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the  baseline,   for  instance  there  was  a  compression 
program  that  they  use  as  a  standard  tool .     And  at  the 
first  request  I  didn't  know  it  was  authorized  or  not, 
so  I  would  contact  the  lead  FSE,   field  software 
engineer,   at  Camp  Slayer,   who  would  then  either  be  able 
to  give  me  a  direct  answer,   or  if  he  didn't  know  the 
answer  he  would  find  out  the  answer  and  get  back  to  me 
whether  it  was  authorized  or  not. 

If  it  was  authorized  I  would  install  it;  if 
not  I  wouldn ' t . 

Q  Was  there  ever  a  time  where  —  do  you 

remember  the  brigade  commander  for  the  210  Mountain,  do 
you  remember  who  that  was? 

A  No,    I  don't. 

Q  Does  Colonel  Miller  sound  familiar? 

A  Yes  and  no .      It ' s  a  very  common  name  but  I 

don ' t  recall  that  being  the  commander . 

Q  Do  you  recall  a  time  wherein  the  brigade 

commander  came  to  you  and  said,  I  want  to  get  mIRC  chat 
on  to  my  D6— A  computers? 

A  I  don't  recall  it  but  it's  quite  possible 
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that  it  happened . 

Q  Do  you  recall  ever  the  brigade  commander 

signing  a  form  saying  I  want  the  D6— A  computers  to  have 
mIRC  chat,    I'm  going  to  take  responsibility  for  that 
because  it ' s  not  part  of  the  baseline  package .     Here ' s 
the  form,   go  make  it  happen. 

A  I  don't  recall  that  series  of  events  but  I 

know  there  were  letters  and  the  standard  —  we  had  like 
a  little  book  of  memorandums  and  letters  from  certain 
folks  accepting  risk  and  so  forth. 

I  know  that  mIRC  chat  was  not  on  the 
baseline,   the  standard  baseline  for  D6— A  but  it  was 
granted  authority  because  it  was  the  tool  of  choice  for 
both  the  82nd  and  210th  Mountain  Division  and  other 
units  as  well.      So  they  stopped  using  the  D6-A 
collaboration  tool  and  started  using  mIRC  chat .      So  it 
was  common  for  me  to  load  mIRC  chat  on  D6— A. 

Q  So  when  you  did  that  from  your  memory,  I 

know  it's  been  a  while,   but  based  upon  your  memory, 
that  wasn't  at  the  request  of  the  brigade  commander? 

A  I  would  say  that ' s  a  fair  statement .  I 
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don't  recall  that  being  directly  from  the  brigade 
commander . 

Q  And  mIRC  chat,   the  D6— A  computer  had  as 

part  of  its  baseline  package  a  program  called  cyb  jabber? 
A  Say  it  again? 

Q  Right .     For  the  baseline  package  for  mIRC 

chat,   the  collaborative  tool,   the  communication  tool 
that  they  had  was  cyb  jabber;   is  that  correct? 

A  I  think  cyb  jabber  was  a  collaboration  tool 

for  D6-A. 

Q  That ' s  what  I  mean . 

A  Yeah,    I  think  mIRC  chat  was  a  collaboration 

tool  they  wanted  to  use  instead  of  cyb  jabber. 

Q  Exactly.      So  they  were  asking  you  to  put 

something  on  that  was  not  the  baseline  tool  — 

A  Correct . 

Q  For  the  D6-A  computer? 

A  Correct . 

Q  And  from  your  memory  then  you  were  the  one 

adding  mIRC  chat  to  anybody ' s  computer  that  asked  for 
it,   based  upon  once  you  got  approval? 
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A  When  I  first  deployed  my  second  deployment 

as  a  fly  away  FSE  with  the  82nd  was  my  first 
introduction  that  I  recall  of  mIRC  chat .     So  I  went 
through  the  same  steps  I  described  earlier. 

Contacted  the  lead  FSE  at  Camp  Slayer. 
They  determined  it  was  a  authorized  program  to  be 
installed  so  from  that  point  on  I  would  install  it . 

So  when  I  would  reimage  a  machine  or  when 
the  210  Mountain  came  in,   it  became  a  standard  tool 
that  I  installed  in  all  the  D6— A  machines. 

Q  When  you  installed  it  on  all  of  the 

machines,   there  would  be  no  need  for  PFC  Manning  then 
to  go  to  somebody ' s  computer  and  put  mIRC  chat  on  their 
computer? 

A  That ' s  correct . 

Q  And  at  least  from  your  business,    if  PFC 

Manning  was  asked  to  put  mIRC  chat  on  somebody ' s 
computer,   that  would  not  have  been  something  you  would 
have  approved  of? 

A  Correct . 

Q  I  know  you  used  the  example  of  an 
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executable  file,    I  just  want  to  make  sure  that  we  will 
have  a  common  understanding  of  that . 

If  I  had  an  executable  file  and  I  wanted  to 
put  it  on  my  desktop,    something  that  I  double  click  and 
it  ran,    could  I  do  that,   not  from  the  standpoint  of 
approval,   but  could  I  do  that  as  far  as  the  ability  to 
do  it? 

A  Yes,   the  ability  is  there  although  the 

authorization  is  not . 

Q  And  from  your  position,    if  the  D6— A 

computers,   if  you  wanted  to,   could  you  position  the 
D6— A  computers  in  such  a  way  to  prevent  a  person  from 
having  the  ability  to  put  an  executable  file  on  the 
desktop? 

A  I  believe  the  only  way  to  restrict  that  to 

take  away  all  the  privileges  of  the  user  to  write  to 
their  own  desktop .     I  think  that  would  severely  impact 
the  analysts  mission. 

Q  So  from  your  position  and  knowledge,  there 

was  no  way  to  prevent  somebody  from  putting  an 
executable  file  on  the  desktop  short  of  eliminating 
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their  ability  to  write  anything  to  the  desktop  from? 
A  My  opinion,  yes. 

Q  Obviously  that  didn't  happen  because  the 

soldier  had  the  ability  to  put  stuff  on  their  desktop; 
is  that  right? 

A  Yes. 

Q  And  because  they  could  put  it  on  their 

desktop,   if  a  soldier  wanted  to  they  could  put  games, 
music,   movies  and  executable  files  on  their  desktop? 

A  That ' s  true . 

Q  Now,    in  the  past  you  had  noticed  that 

soldiers  had,  in  fact,  placed  music  on  their  D6— A 
computers? 

A  Correct . 

Q  And  games  as  well? 

A  I  can't  say  for  certain  the  210  did.  I 

know  other  units  had,   but  I  can't  recall  if  the  210th 
did  or  not . 

Q  And  having  games  and/or  music  or  executable 

files  or  whatnot  on  your  D6— A  computer,   that  wasn't 
allowed? 
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A  It  was  not  authorized. 

Q  From  your  position? 

A  From  my  position,  yeah. 

Q  But  even  because  you  didn ' t  think  it  was 

allowed,   you  didn't  feel  that  you  were  in  the  position 
to  tell  the  soldier,   hey,   take  that  off  your  D6-A 
computer? 

A  I  had  no  authorization  to  tell  a  user  what 

to  put  or  remove  from  the  computer .      I  can  only  make 
suggestions . 

Q  When  you  made  suggestions,    I  imagine  you 

might  make  suggestions  to  the  soldier  and  then  their 
immediate  supervisor? 

A  Correct . 

Q  And  then  whether  or  not  the  soldier  or 

supervisor  chose  to  follow  your  suggestions,  you 
wouldn't  know  at  that  point? 

A  Yeah,   that's  not  for  me  to  know. 

Q  And  I  know  you  said  you  weren ' t  making  it  a 

habit  of  looking  at  what  soldiers  were  and  were  not 
placing  on  their  D6— A  computers? 
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A  Right .     The  only  time  I  would  see  the 

computer  is  when  I  had  to  provide  updates  to  the 
operating  system  or  security  patches  or  if  I  had  to 
reimage  the  machine . 

Q  So  based  upon  that  I  guess  you  wouldn ' t 

know  how  prevalent,   if  at  all,   it  was  for  soldiers  to 
put  executable  files  on  their  D6— A  computers? 

A  Correct . 

Q  Now,   based  upon  your  experience,   you  did 

have  situations  where  in  the  past  you  had  military 
members  trying  to  crack  the  password  to  the  D6— A 
computer? 

A  When  there ' s  a  riptow,    it  was  a  common 

occurrence  — 

Q  I'm  sorry  to  stop,   the  riptow  is  when  two 

units  were  swapping  — 

A  Overlap.     One  would  leave    (INAUDIBLE) . 

Changes  in  authority.     The  new  unit  coming  in  would 
bring  in  their  D6— A.     The  standard  philosophy  I  guess 
or  belief  of  the  unit  is  they're  our  machines,   we  have 
full  rights,   you  can't  have  them  as  your  privileges. 
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So  there  was  a  special  letter  signed  by 
somebody  saying  that  only  the  D6— A  FSE  had 
administrative  privileges  not  the    (INAUDIBLE) .     So  in 
the  very  beginning  there  was  friction  but  we  got  that 
ironed  out  so  there  were  a  couple  of  cases  where  they 
would  crack  my  password  and  remove  the  administrator 
account  and  we  would  battle  it  out . 

Q  Essentially,   my  understanding  is  it  was 

basically  you  educating  the  military  side  of  the  house, 
although  you ' re  using  these  computers  and  although 
they're  on  your  network,   these  are  not  your  computers, 
is  that  a  fair  statement? 

A  Not  entirely.      It  was  their  computer  but 

because  of  the  delicacy  of  the  program  and  the  suite  of 
tools  it  used,  it  required  only  the  D6— A  administrators 
to  be  the  ones  to  have  the  full  administrator  rights  on 
those  machines . 

Q  So  you  would  educate  them,   because  of  how 

everything  was  set  up,  even  though  it's  on  your  system, 
you  use  it,  technically  it  is  your  computer  you  pay  for 
it,   but  you  don't  have  the  ability  to  tinker  with  it? 
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A  Correct . 

Q  Now,    in  the  past  also  whenever  you  would 

give  or  put  mIRC  chat  onto  a  computer,    it  was  a 
specific  version  of  mIRC  chat;    am  I  correct? 

A  I  don ' t  recall  but  it  probably  was . 

Q  Because  authorization  for  programs  was 

version— based;   am  I  not  correct?     You  wanted  to  make 
sure  it  didn't,    it  was  compatible  with  everything  else 
so  it  had  to  be  tested  that  particular  version? 

A  Those  tests  would  have  been  run  by  the  FSEs 

at  Camp  Slayer  so  I  don ' t  know  and  I  don ' t  think  I  can 
speak  to  versions  because  I  don't  recall  if  there  was 
different  versions  of  mIRC  chat . 

Q  If  you  don't  feel  you  can  answer  this  you 

can  tell  me  I  don't  feel  I  can  answer  it  and  I  won't 
worry  about  it . 

In  your  experience  whenever  you  have  got 
approval  for  a  certain  program,   was  it  a  version— based 
approval  or  was  it  for  the  lifetime,   you  could  always 
add  whatever  version  you  wanted  of  that  particular 
program? 
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A  I  think  I  can  answer  but  it  may  be  a 

lengthy  answer. 

Q  Go  right  ahead. 

A  We  would  have  —  the  Camp  Slayer  FSE ' s 

would  deliver  new  images  to  be  used  on  D6— A  machines. 
Those  images  would  contain,   for  instance,   if  there  was 
a  new  version  of  a  program  on  that  image,   if  a  new 
image  or  a  new  version  of  mIRC  chat  would  be 
authorized,   it  would  come  with  notes  saying  now  we're 
using  version  B  or  C  or  whatever  of  this  program,  start 
using  this  now. 

We  also  had  CDs  that  we  carried  that  had 
tools  to  use  when  we  troubleshoot  or  other  programs 
that  weren't  on  the  standard  D6— A  baseline  to  load  on 
those  user  machines  if  needed,    like  the  mIRC  chat  or 
whatever . 

So  although  I  don't  recall  if  there  were 
different  versions  of  mIRC  chat,    it's  possible.     But  it 
would  have  been  tested  and  vetted  before  it  was  allowed 
to  be  installed. 

Q  So  if  I'm  understanding  correctly,    if  you 
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came  back  and  you  said  version  B  is  the  one  that ' s 
approved  and  that's  the  one  that  is  now  the  baseline, 
that's  approved,    and  we  have  got  the  version  BCD;  if 
the  following  day  I  said,   hey,   Mr.   Milliman  I  just 
found  out  version  C  is  available  online,    I'm  going  put 
on  it  my  computer,   you  would  say  no? 
A  Correct . 

Q  Okay.     So  that  approval  was  then  for  that 

version  and  if  you  had  a  newer  version,   you  were  not 
supposed  to  put  that  on  your  computer? 

A  Not  until  it  was  authorized. 

Q  In  your  past  experience  you  knew  of 

soldiers  who  liked  to  have  the  latest  version  of  any 
particular  software,  right? 

A  All  soldiers  like  to  have  the  latest 

software  but  they  didn't  always  get  what  they  wanted. 

Q  Do  you  recall  ever  having  a  situation  where 

you  did  have  soldiers  putting  more  recent  versions  than 
they  should  have  on  their  D6— A  computer? 

A  No,    I  don't. 

Q  You  don ' t  remember  ever  telling  me  about  a 
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lieutenant  who  would  do  that  because  they  liked  having 
the  latest  version  of  anything? 

A  I  recall,    I  don't  recall  the  rank,   but  I 

recall  an  officer  in  the  beginning  getting  the 
compression  program  installed  on  his  computer.  And 
that ' s  when  we  had  the  password  cracking  and  removing 
of  my    (INAUDIBLE)   account  but  I  don't  recall  any  other 
instance  than  that . 

Q  So  it  was  something  early  on  when  they  put 

something  on  and  you  basically  told  them  hey,  you're 
not  supposed  to  do  this? 

A  Right . 

Q  Mr.   Milliman,    again,    I  appreciate  your 

time.     Thank  you. 

THE  COURT:  Redirect? 

MR.   WHYTE:     No  questions,   Your  Honor. 

THE  COURT :      I   just  have  a  couple . 

EXAMINATION  BY  THE  COURT: 
Q  Is  mIRC  chat  an  executable  file? 

A  I  think  it  is .      I'm  not  an  expert  on  it. 

But  from  what  I ' ve  read  because  it  was  one  of  the 
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questions  that  came  up,   it's  a,   it  appears  to  be  a 
program  that  can  be  downloaded  and  installed  directly 
on  your  desktop. 

Q  When  you  had  two  users  like  Sergeant 

Madaras  and  PFC  Manning  and  one  worked  the  day  shift 
and  one  worked  the  night  shift,    if,    say,    in  this 
situation  Sergeant  Madaras  came  up  and  said,    I've  got 
all  these  problems  with  my  computer,   would  you  do  the 
reimaging  before  seeing  PFC  Manning  on  the  night  shift 
or  how  did  you  do  that? 

A  No,    I  made  sure  I  tried  to  cover  both 

shifts .     I  would  come  in  the  middle  of  the  day  shift 
and  work  through  the  rest  of  the  day  and  half  the  night 
shift  as  well  so  I  can  see  both  users  and  confirm  the 
problems  with  both  users  and  make  sure  they  were  both 
aware  what  was  going  on. 

I  wouldn ' t  want  to  take  the  machine  down 
and  possibly  lose  data  without  talking  to  both  users  to 
find  out  what  both  users  needed  as  data  transferred 
from  one  machine  to  another  or  one  hard  drive  to  another. 

Q  When  you  reimaged  the  machine  of  Sergeant 
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Madaras  and  PFC  Manning,   what  did  PFC  Manning  say  about 
his  data,   did  he  want  it  — 

A  They  both  wanted  their  data  as  far  as  I  can 

recall,   but  I  can't  recall  specific  conversation. 

Q  But  they  both  wanted  their  data  or  all  of 

their  data,   was  that  typical? 

A  That  was  typical .     Most  users  always  wanted 

their  data .      It  was  not  uncommon . 

THE  COURT:     Any  followup  based  on  that? 
MR .   COOMBS :     No ,   ma ' am . 
MR.   WHYTE:     No  ma'am. 

THE  COURT:     Temporary  or  permanent? 
MR .   WHYTE :     Temporary . 

THE  COURT:     You  are  temporarily  excused. 
Please  don't  discuss  your  testimony  or  knowledge  about 
the  case  with  anyone  other  than  counsel  or  the  accused. 

THE  WITNESS:     Yes,  ma'am. 

MR.   FEIN:     Ma'am,   the  United  States 
requests  a  10— minute  recess. 

THE  COURT:     Court  is  in  recess  until  1825 

or  6:25. 
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(Brief  recess.) 

THE  COURT:     Let  the  record  reflect  all 
parties  present  when  the  court  last  recessed  are  again 
present  in  court . 

The  parties  met  with  me  briefly  for  an 
RCM802  session  and  it  appears  they  are  working  to 
address  other  stipulations  of  expected  testimony  and 
that  work  will  require  some  time  and  because  of  that 
and  some  other  logistic  issues  to  include  some  weather 
issues  that  we ' re  expecting  tomorrow,   this  court  is 
going  to  go  in  recess  tonight  and  we  will  begin  again 
like  we  did  last  week  at  0930  on  Monday  morning. 

Anything  else  that  the  parties  would  like 

to  add? 

MR.   FEIN:     That  was  everything,  ma'am. 
MR.    COOMBS:  No. 

THE  COURT:     Anything  we  need  to  address 
before  we  recess? 

Court  is  recessed  6:22  until  9:30  a.m. 

Monday . 

(Court  adjourned  at  6:22  p.m.) 
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